Privacy Policy. How VPN helps to protect you?

Privacy Policy

By using VPNgogo service you agree to our Terms and Conditions, Privacy Policy and Refund Policy.

Thanks for shopping at vpngogo.net.

We understand that you are committed to safeguarding the privacy and security of your data. This privacy policy will help you understand how VPNgogo collects, uses and stores information.

General provisions

The Privacy Policy (hereinafter referred to as Policy) was prepared in accordance with the effective Russian and international laws governing personal data processing. The Policy was prepared to protect the rights and freedoms of individuals and their personal data processed by VPNGoGo.

The following terms and definitions related to the personal data processing shall be used in the document:

“Personal data” shall mean any data related to the determined or determinable individual (“personal data subject”); a determinable individual here is an individual that can be identified directly or indirectly using the identifiers such as a name, an identification number (including a tax identification number, an insurance number, etc.), address, Internet identifiers (IP addresses, identifiers such as cookie files or other identifiers). Personal data shall not include data of deceased persons or anonymous data: information that is not related to the determined or determinable individual, and personal data provided anonymously in such a way that the personal data subject cannot be identified without the additional data.

“Personal data processing“ shall mean any operation or a collection of operations related to the personal data processing with or without automated tools, including collecting, recording, systematization (organization, structuring), accumulation, storage, refinement (updating, editing), retrieval, use, transfer (sharing, grant, access), anonymization, blocking, removal, and destruction.

“Data processor“ shall mean an individual or a legal entity that processes personal data on behalf of the controller.

“Personal data processing“ shall mean a free, comprehensive, explicit and substantive expression of the subjects' will by which they accept the processing of their personal data.

“Unauthorized personal data access“ shall mean a security breach that may result in the accidental or unlawful loss, alteration, unauthorized disclosure or access to the provided, saved or in any other way processed data (“personal data leaks”).

The terms and definitions not covered by the Policy shall be interpreted in accordance with the effective Russian and international laws.

This Policy is a public document that defines the basic principles, purposes, conditions and means of personal data processing, the lists of subjects and data collected by the data processor, functions of the personal data processors, rights of the personal data subjects, and the list of the measures taken to guarantee personal data security during data processing.

In personal data processing, the processor is guided by the effective Russian and international laws governing personal data processing; labor and tax laws of the Russian Federation; and other legal instruments of the Russian Federation.

General provisions

The following terms and definitions related to the personal data processing shall be used in the document:

“Data processor“ shall mean an individual or a legal entity that processes personal data on behalf of the controller.

“Personal data processing“ shall mean a free, comprehensive, explicit and substantive expression of the subjects' will by which they accept the processing of their personal data.

The terms and definitions not covered by the Policy shall be interpreted in accordance with the effective Russian and international laws.

Principles of personal data processing

The Processor shall process personal data on the legal and fair basis to carry out the statutory functions, powers and duties; to exercise rights and justified interest of the Processor, Processor’s employees and the third parties. The Processor makes every effort to protect personal data in accordance with the following principles:

- personal data processing shall be limited to the achievement of the specific predefined and lawful purposes; personal data processing that is incompatible with the purposes of the personal data collection shall be prohibited;

- nature and extent of the processed personal data shall be compatible with the stated purposes of the personal data processing. Processed data shall not exceed the stated purposes of the personal data processing;

- in processing personal data, the Processor shall guarantee its accuracy, sufficiency, and, when necessary, relevance in accordance with the purposes of the personal data processing. The Processor shall make every effort or guarantee that the measures are taken to remove or refine any incomplete or inaccurate personal data;

- the processed personal data shall be destroyed or anonymized after the stated purposes of data processing are achieved, or if it is no longer necessary to achieve those purposes, unless otherwise is specified in Russian effective legislation;

- transparency in respect to the functions and personal data processing that enables the data subject to control data processing and the data processor to design and improve protection methods t0 guarantee the personal data safety (its integrity and confidentiality).

List of subject’s personal data processed by the data processor, purposes of data processing

The processor shall process personal data of individuals; third parties that are in any civil-legal relations with the processor and the processor’s counterparties; an of any other personal data subjects to acheive the statutory purposes of the data processing specified in this part.

Processor has the right to process the following personal data of the third parties: the first name, the middle name, the last name, a patronymic name (including any former names), a date and a place of birth, gender, age, citizenship, passport details, details of other identity documents (a travel passport), a residential address (postal and physical address), a date of registration at the permanent address, contact phone numbers, email addresses, other means of personal communication, bank account details, a number and a series of state pension insurance certificate, the Internet identifiers (IP addresses, identifiers such as cookie files or other identifiers that are not anonymous that allow to identify the personal data subject) and other data (personal data) that is necessary to achieve the purposes specified in this policy and in the third party’s consent. This policy covers the processing of personal data collected on the Internet, and only for the data that allow to identify the personal data subject.

The processor shall not process specific categories of third parties' personal data, namely: biometrics; data, relating to the racial or ethnic origin, political, religious or philosophical views and beliefs, personal life.

The processor shall process third parties' personal data in accordance with the purposes of the personal data processing stated in the policy and personal data subject’s consent.

Procedure of processing personal data

The processor receives personal data directly from the personal data subject and processes it with the subject’s consent using the automated means (using computing devices) and/or non-automated means (without using computing devices). If the Processor can receive subject’s personal data from the third party only, the processor shall notify the subject on this matter in advance and get the subject’s written consent. The processor shall inform the personal data subject about the purposes, sources, ways of receiving the data, nature of the data to be received, and the consequences of the refusal to provide the written consent to process the data.

Actions related to the personal data processing include collecting, recording, systematization (organization, structuring), accumulation, storage, refinement (updating, editing), retrieval, use, transfer (sharing, grant, access) to the third parties, anonymization, blocking, removal, and destruction.

The databases that store personal data of the subjects shall be located in the Russian Federation. The Processor provides access to personal data of the subjects to the admitted persons who have the right to receive the data that is necessary to carry out their functions only. Processor warns the individuals who process personal data that the data can be used only for the stated purposes and requires the confirmation that they comply with the hereinabove mentioned rule.

Measures taken by the processor to protect personal data

When processing personal data, the processor shall take all necessary and sufficient measures at its own expense to guarantee that the processor's functions stated by the Russian law governing personal data processing shall be carried out, including the following:

- putting in place legal, institutional and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, sharing access, dissemination of personal data, or from other unauthorized actions with personal data;

- adoption of local legal provisions and other documents governing the personal data processing;

- sensitizing processor’s employees to the Russian laws and local legal provisions governing personal data processing including personal data protection requirements;

- providing a free public access to the policy;

- establishing rules that shall regulate the access to personal data processed within the Processor’s informational system and control of all actions with the data;

- assessment of the possible damage that may be done to the personal subjects’ data; assessment of the measures taken to guarantee personal data safety before putting the processor’s informational system into service;

- identifying security threats of personal data processing, assessment of risks related to personal data processing, introducing measures to reduce the risks and promote security (confidentiality) considering the state of technology at that time and the cost to implement these technologies;

- detecting any cases of the unauthorized access to personal data (personal data leak) and taking measures to respond, including restoring personal data, modified or destroyed as a result of unauthorized access;

- securing separate storage of personal data and their material carrier that is being processed to accomplish different purposes and that contain different categories of personal data;

- termination of data processing and destruction of personal data in cases provided by the Russian laws governing personal data processing;

- internal records of personal data processing and control of personal data processing compatibility with the requirements in the area of personal data processing and this policy;

- taking other measures to protect personal data.

Rights of personal data subjects

The personal data subject has the right to:

- receive full information about personal data processed by the Processor and methods of the data processing;

- get access to subject’s personal data, purposes of data processing, information about third parties that have access to personal data, and other data specifoied in Russian laws;

- refinement, editing the subject’s personal data, data blocking and destruction in cases if data is incomplete, out-of-date, fraudulently obtained or not necessary for the stated purposes of the data processing;

- revoke a consent with the personal data processing;

- object to personal data processing for the purposes of meeting the legitimate concern of the processor, including the marketing goals;

- restrict personal data processing (in case of verification of the personal data accuracy, the legitimacy of data processing for the duration of inspection, expiration of data processing period, subject to the judicial disputes);

- implementation of the statutory measures to protect the subject’s personal data;

- protect their rights and legitimate interests, including a compensation for loss;

- exercise any other rights provided for by the Russian law.

Rights and obligations of processor

Upon receipt of the personal data subject’s request to access, edit, refine, block, destroy the personal data or any other related request, the Processor shall provide a response and grant the personal data subject’s request or specify within 30 (thirty) calendar days why it is not possible to grant the request. When technically possible, the processor shall arrange a way to accept electronic requests from data subjects. In this, the processor shall confirm the identity of the personal data subject, for example, using the electronic digital signature or other identification means.

Revocation of the personal subject consent to process data shall not affect the legitimacy of the processor’s rights to process data that were assigned to the processor before the revocation.

In the event of personal data leakage, the processor has to thereof immediately (no later than three working days) notify the personal data subject and provide recommendations that can reduce the possible negative impact; and also take all the measures to reduce the risk of damage.

The right of the personal data subjects to delete their data shall be reinforced immediately on the following grounds:

- personal data is no longer required to achieve the purposes for which it was obtained;

- the personal data subject revoked the consent and there is no other legal basis for data processing;

- the data subject objects to the data processing according to para.7, article 6.1 of the Policy and there is no overriding legal basis to continue processing;

- data has been processed illegally or there are any other grounds to delete personal data in order to ensure that the Russian and international laws are observed.

Hereinabove described rules are not applicable when data processing is required to comply with the Processor’s legal obligations in the public interest, for legal protection from claims, in other cases established by Russian and international law. The Processor shall take all possible measures to inform about changes or removal of the personal data to the third parties that had access to personal data, excluding authorities and the cases when this prooves to be impossible or requires a disproportionate amount of effort (expenses).

The right of the personal data subjects to access their personal data can be restricted in accordance with the Russian law.

The processor reserves the right to change the Policy or approve a new version unilaterally, without notifying the data subject. A hereinabove mentioned notification can be sent to the data subject by placing a new version of the policy on the official website of the processor, by sending information via electronic or any other channels.