We are pleased that you are using G DATA VPN. In the following, we would like to inform you about which personal data G DATA processes and for what purposes.                      We also inform you about other important details under data protection law, for example about your rights.

1. responsible body and data protection officer

The controller for the data processing described below is

G DATA CyberDefense AG
Königsallee 178 a
D-44799 Bochum
Bochum, Germany

E-mail: info@gdata.de

You can also send further questions about data protection by e-mail to: dsgvo@gdata.de

Our external data protection officer is

Ali Tschakari
Bitkom Servicegesellschaft mbH
Albrechtstrasse 10
10117 Berlin

You can send inquiries to the following e-mail address: datenschutz@bitkom-consult.de

2 Purposes and legal bases of processing

We process your personal data for the purpose of providing and licensing the G DATA VPN service. The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (fulfillment of contract). In the case of trial versions, there is also a pre-contractual obligation within the meaning of Art. 6 para. 1 lit. b GDPR.

3. data collected

Depending on the platform and usage situation, we process the following data

•      • When the VPN connection is activated:
       Hash value of your IP address (to establish the connection), connection duration, amount of data transferred (in bytes)
•      • Registration (Windows version):
       Name, e-mail address, registration number
•      • App registration & in-app purchases (Android & iOS):
       Email address, device identifier (e.g. random ID, device name), information from Google or Apple for purchase processing. Please note that when using in-app purchases,
•      the data protection provisions of the respective platform provider (Google or Apple) also apply. We only receive information from these providers about
•      successful purchase processing, but do not have access to your payment data.
•      • Updates & license check:
       IP address, registration data (to validate the license)

If you only use G DATA VPN as part of a trial version, we only process your e-mail address to provide and manage the trial license.

We do not store the content of your transmitted data or your browser history. We do not monitor your Internet activities.

4. obligation to provide

The provision of your personal data is contractually required in order to use G DATA VPN. Without this data, registration, activation or use of the service is unfortunately not possible.

5. recipient

For the technical provision of the VPN service, we use the infrastructure of our sub-processor IPVanish, Inc., a US technology provider based at 114 5th Ave,15th Floor, New York, NY 10011, USA . IPVanish processes the hash value of your IP address and connection metadata (connection duration, amount of data transferred in bytes) for us in order to establish and maintain the encrypted VPN tunnel. The content of your Internet traffic is not analyzed.

In addition, depending on the platform you use, the following companies may also be recipients of transaction data in the context of in-app purchases:

•      • Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
•      • Apple Distribution International Ltd, Hollyhill Ln, Hollyhill Industrial Estate, Cork, T23 YK84, Ireland

These companies provide us with information required to verify and activate your license. We do not receive payment data.

6 Third country transfer

The processing of certain connection data is carried out by our sub-processor IPVANISH, Inc, 114 5th Ave,15th Floor, New York, NY 10011, USA. The United States is considered a so-called third country within the meaning of the GDPR. There is currently no adequacy decision by the European Commission pursuant to Art. 45 GDPR.

The transmission of your personal data (in particular the hash value of the IP address and technical connection data) is therefore based on the standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR. IPVanish is contractually obliged to comply with a level of data protection comparable to EU law and has implemented comprehensive technical and organizational protective measures.

In addition, IPVanish is certified under the EU-U.S. Data Privacy Framework (DPF) by the U.S. Department of Commerce. You can find the corresponding entry at: www.dataprivacyframework.gov.

7. storage period

The data will only be stored for as long as is necessary to provide the service or for as long as there are statutory retention obligations.

8. your rights

You have the right at any time

•      • to information about the data stored about you (Art. 15 GDPR)
•      • to rectification of inaccurate data (Art. 16 GDPR)
•      • to erasure (Art. 17 GDPR)
•      • to restriction of processing (Art. 18 GDPR)
•      • to data portability (Art. 20 GDPR)
•      • to object to the processing (Art. 21 GDPR)

Automated decision-making including profiling in accordance with Art. 22 GDPR does not take place in connection with G DATA VPN.

9. right to lodge a complaint

If you believe that we are violating applicable data protection law when processing your personal data, you have the right to lodge a complaint with a data protection supervisory authority.

To do so, you can contact the authority responsible for your place of residence or workplace or the supervisory authority at our company headquarters:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestraße 2-4
40213 Düsseldorf