This privacy policy (“Privacy Policy” or “Policy”) sets forth the privacy practices of Private Internet Access, Inc., (collectively, ‘We,’ ‘Us,’ ‘Data Controller,’ ‘Company,’ or 'PIA’) and applies to users (“User(s)” or “You”) of the PIA’s services, including, inter alia, the PIA VPN service (“Service”) and PIA website at www.privateinternetaccess.com (“Website”).
The processing of personal data, such as the e-mail address or payment information of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to PIA. By means of this data protection declaration and Privacy Policy, we are informing the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the data controller for personal data, we administer strict policies safeguarding your privacy and security. By agreeing herein, you also signify your acceptance of, and agree to be bound by this Policy interpreted in line with the Terms of Service, the Cookie Policy, the Digital Millennium Copyright Act (DMCA) policy which are hereby incorporated herein by reference (the DMCA policy, Terms of Service, and the Privacy Policy are sometimes referred to collectively as the “Policies") into this Privacy Policy.
Personal Data means any information that relates or may be associated to an identifiable person. The personal Data will collect vary depending on your use of PIA’s Website or Service, as follows:
From Clients of our ServiceNon-personal Data is not associated with or linked to your Personal Information. Thus, Non-personal Data does not permit the identification of individual persons. Non personal data we collect include:
You have the option to register on PIA website by inserting your username and password. The Personal Data entered is collected and stored exclusively for internal use by PIA, and for its own purposes. By registering on the website, the payment method, login ID, date and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties except as stated herein. Through registering on PIA’s website, you may exercise your rights as indicated below, through the website.
The registration of your data is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users.
PIA strives to protect the privacy rights of our clients. We do not share, sell, rent or trade your Personal Data with third parties other than as disclosed within this Privacy Policy. We may disclose your Personal Data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this Policy.
Additionally, although we will comply with all valid subpoena requests, our legal team scrutinizes each and every legal request that we receive for compliance with both the "spirit" and letter of the law. For invalid or overly broad subpoenas, we will often question or attempt to narrow the scope of any subject matter sought. Moreover, when it is possible and a valid option, we will provide the user an opportunity to object to any requested disclosures. PIA will not participate with any law enforcement request that is unconstitutional.
Furthermore, we may share your personal information with third part service provides that we may engage to improve the Service. In particular, in order to assist you if you have questions while using our Website or regarding your order and provide comprehensive customer support, we offer the possibility of online chat. For the use of such online chat, you will be requested to provide Personal Data such as name and email. When a user visits the Private Internet Access online chat page we use Deskpro, Deskpro stores in its own database: visitor_id (a unique identifier randomly generated when someone visits the page, stored in their cookies), browser used to log in, country, and date visited. Name, account ID, and email address may be collected and stored if this information is provided for support tickets submitted to Private Internet Access. We may also use Deskpro as a medium for communications, either through email, or through direct messages within the Deskpro platform. As such, any messages sent via live online chat, tickets, or emailed to [email protected] will be stored on Private Internet Access servers. We may use the data collected via Deskpro in order to improve customer experience. Your data may be internally analyzed to understand trends in customer behavior, demographics, and selections. We will never sell information to any third-parties. Deskpro maintains its own separate privacy policy that is separate from Private Internet Access and can be located at https://www.deskpro.com/legal/privacy/.
PIA itself does not process any orders or payments. We work exclusively with payment processors such as Stripe, Amazon payments, Bitpay and Paypal. You can find information about the payment services providers' privacy policies and practices at https://stripe.com/us/privacy (Stripe), https://pay.amazon.com/help/201212430 (Amazon), https://bitpay.com/about/privacy/ (Bitpay), and https://www.paypal.com/us/webapps/mpp/ua/privacy-full (Paypal). The payment processors privacy policy governs the collection and use of the information collected during the check-out process which we recommend you review prior to placing an order or providing any information.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion as detailed above. Please note that unless you instruct us otherwise, we retain the information we collect for as long as needed to provide the Service and to comply with our legal obligations, resolve disputes and enforce our agreements.
The State of California requires us to post specific language related to our Privacy Policy. By default, PIA does not share your Personal Data with any third parties aside from the disclosures already made in this Privacy Policy. However, if you wish to inquire into how PIA does not share our user's Personal Data with third parties for direct marketing purposes, you may contact:
Our current data protection officer can be reached at the following information below.
Dr. Venetia ArgyropoulouPursuant to California Civil Code Section 1798.83, if you live in the State of California and your business relationship with us is mainly for personal, family or household purposes, you may ask PIA about the information we release to other organizations for their marketing purposes. To make such a request, please send an email to [email protected] with “CCPA privacy request” as the subject. You are allowed under California law to request this information one time each calendar year. We will email you a list of categories of Personal Data we may have revealed to any third parties in the last calendar year, along with their names and addresses. Not all Personal Data shared in this form is included under Section 1798.83 of the California Civil Code. Please also see this California specific privacy notice for more details related to your rights as a California resident under the CCPA.
Only key employees of PIA and PIA’s Group with a need to administer or process Personal Data are granted access to the servers and information where Personal Data is stored. Personal Data is maintained in an encrypted form.
We collect information globally and primarily store that information in the United States. If we transfer your Personal Data from the United States, we will request your consent.
The Children’s Online Privacy Protection Act (COPPA) was passed to give parents increased control over what information is collected from their children online and how such information is used. The law applies to websites and services directed to, and which knowingly collect information from, children under the age of 13. Our online services are not directed to children under the age of 13, nor is information knowingly collected from them. For additional information on COPPA protections, please see the FTC website at: https://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online
Your principal rights under data protection law in relation to your Personal Data are:
We provide you with the ability to exercise the above rights along with certain choices and controls in connection with our treatment of your Personal Data. To exercise your rights through your account please contact our Data Protection Officer (“DPO”) at:
Dr. Venetia ArgyropoulouIn the event you make such request, note that we may require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.