Here at CyberGhost, we’ve always followed the Privacy by Design principle.
CTO, CyberGhost VPN
CyberGhost has an unequivocal company policy: the strongest observance of data protection and uncompromising protection of user privacy.
When using the CyberGhost VPN, we have no idea about your traffic data such as browsing history, traffic destination, data content, and search preferences. These are NOT monitored, recorded, logged or stored by us.
More than this, when using the CyberGhost VPN, we are NOT storing connection logs, meaning that we DON'T have any logs tied to your IP address, connection timestamp or session duration. We do NOT have any access to the credit card information you submitted to our payment processor and we DO NOT connect your payment or information with any kind of online activity done by you inside the CyberGhost VPN tunnel.
What does this policy cover?
This Policy applies to all Services that we offer via our entire suite of apps, and also applies to the Website as well as your use of CyberGhost VPN ("Services"). This Policy does not apply to any website, product or service of any third-party company even if the website links to (or from) our Website. Please always review the privacy practices of any third-party company before deciding whether to provide any information. By using our Website or Services, you are accepting the practices described in this Policy. If you do not agree with this Policy, please do not visit or use our Website or Services. Your continued use of our Website or Services will signify your acceptance of this Policy.
What data do we collect?
Information related to your account ("Personal Data"):
When registering through our Website you will be requested to provide your name, address, e-mail address, username and payment information which you submit to us voluntarily when you order or subscribe for our Services, as well as when you fill out any of the contact forms on the Website. This information is collected for proper administration of your account and/or subscription and to offer you customer support and, to the extent you so choose, to provide you with our newsletter and occasional promotional offers. Additionally, as part of our fraud detection measures, we shall collect data relating (i) to Website usage information, such as IP address (captured and stored in an anonymized format), approximate location (country only), (ii) transaction information, items purchased, the price paid, billing method, partial credit card information, chargeback requests, cancelled orders. The above mentioned Personal Data is not, at any point, associated with any kind of activity done by the user inside the CyberGhost VPN tunnel which is NOT recorded, logged or stored at all.
Anonymous Information ("Non-personal Data"):
Additionally, we collect and/or receive and store certain non-personal information ("Non-personal Data") whenever you interact with us. This exchange of information occurs between your browser and our affiliates or our server occurs automatically upon accessing our pages. Through such exchange we receive Non-personal Data including without limitation, data relating to the browser you are using, mobile/desktop device, general properties and metadata, OS version, preferred language, the date and time of your visit, battery charge, screen resolution, Google Advertising ID, Gyro-sensor data, screen size, Connectivity (WLAN), Mobile service provider, the referring website and your preferences in our Websites during your visit. We collect such statistical information about usage as aggregate data from both the Website and Service in order to maintain a better customer experience as well as a high level of quality for the Service.
With regards to the CyberGhost VPN, Non-personal Data is not associated with or linked to your Personal Information. Thus Non-personal Data does not permit the identification of individual persons. Additionally, Non-personal Data do not include any information about the activity performed by the user inside the CyberGhost VPN tunnel such as browsing history, web content accessed, destinations of VPN traffic, DNS queries and IP addresses. We use this information for internal monitoring, analytics and improvement of our services in the way described in this Policy. Additionally, at your sole discretion you may approve VPN connection diagnostics which allows for app data to be sent by the user to the customer support team, similarly to a "report a bug"feature. A connection log may also be sent together with a ticket that is raised with our customer support, so our team can debug any faults that may appear and result in a bad experience for the user.
How do we collect personal data?
Users may opt out of any unwanted emails by the unsubscribe option in the emails or by contacting us directly at email@example.com.
In order to maintain a high-quality degree for our service and also an excellent customer support experience, CyberGhost is using certain 3rd parties to collect and process the following aggregate data:
How do we collect non-personal data?
We automatically collect anonymous Non-personal Information through different technologies as described below.
Appsflyer: Third party analytics, like Appsflyer, are also used to track and measure usage of the Site so that we can continue to provide engaging content. These cookies may track your use of the Website, including without limitation, how long you spent on the Website or specific pages you visited, which helps us to understand how we can improve the Website. Appsflyer: https://www.appsflyer.com/legal/services-privacy-policy
This website uses Mouseflow: a website analytics tool that provides a review of individual experiences or zoom out to identify patterns, while capturing real feedback to uncover optimization opportunities. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser
- For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr .
- For more information on Mouseflow and CCPA, visit https://mouseflow.com/ccpa .
Mouseflow does not set any cookies.
Lastly, as stipulated above to provide you with online chat support, we use Zendesk. Zendesk collects both personal as well as anonymous information. It collects anonymous information by placing cookies in your browser.
The performance of the Service is measured through a series of events sent anonymously to third-party services which is building aggregate data based on certain trends. Few examples of events are indicatively mentioned below:
Connection Attempt: We collect this information to know the usage request directed to our Service on a particular hourly/daily/weekly/monthly interval, the country of origin (but not your source IP address), your CyberGhost VPN version, etc. This metric allows us to properly adjust our infrastructure according to the demand.
Connection Successful: We collect this information to know how many users per hourly/daily/weekly/monthly intervals successfully established VPN connections to our service. This information correlated with the above event results, is helping our engineers to determine if there are any network issues which might prevent users from starting the service, identify peak hour intervals for our service so we can have the infrastructure scaled to meet the requests, etc.
Ordering Our Service
To order our Service you must choose which option works best for you on our pricing page, once you click on order now you will be asked to register to create a secure account by inserting your email account. Thereafter you will be asked to choose your method of payment between credit card, paypal and bitcoin. The specific information collected varies depending on the payment method you choose. To minimize the amount of Personal Data you submit to us, we recommend that you use bitcoin payments when subscribing to our Service.
Please note that CyberGhost itself does not process any orders or payments. We work exclusively with payment processors such as Cleverbridge (cleverbridge AG, 2-4 Brabanter Str., 50674 Cologne, Germany) and/or Stripe and/or Paypal. You can find information about the payment services providers' privacy policies and practices at https://grow.cleverbridge.com/privacy-policy and https://stripe.com/privacy.
Once you chose your selected way of payment and click "continue to payment" (or similar wording), you will be directed to our third-party payment gateways domain. Although this page may have the look and feel of the Website please make sure that you are aware that you are now on our third party payment processor's site in order to complete your transaction. The name, address, card number, expiration date, and email address will be collected by the applicable, third party payment processor to process your request. Your name and email address will be shared back with us in order for us to provide you with your subscription to CyberGhost VPN.
Why do we collect Your Personal Data?
We collect the Personal Data for the purpose of:
- Service improvement and personalization of the user experience on CyberGhost VPN
- The proper administration of our Website and business
- The performance of the contract between you and us and/or taking steps, at you request, to enter into such a contract
- Scientific research, fraud detection/prevention and improvement of the Service
- To notify you of our new services or changes to our existing Services
- To send you technical or service-related communications
- To enforce the Terms of Service
- Customer Analytics
Sharing Your Personal Data
We may further collect and possibly share your Personal Data to enforce the Terms of Service. This may be done to prevent a crime or violation of our Terms of Service or to help solve a transgression that has been committed.
We also reserve the right to disclose your Personal Data as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our Web site.
Security of Your Personal Data
We follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it. In March 2012, CyberGhost had successfully passed an audit and verification conducted by QSCert for the implemented Information Safety Management System (ISMS) according to the international industrial standards ISO27001 and ISO9001. The certification confirms the high quality of the internal safety processes and is renewed yearly ever since. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. If you have reason to believe that your interaction with the Website is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
During the development of the Service and the selection of its service providers, CyberGhost has paid attention to providing a high degree of safety:
All data processing centers with which CyberGhost cooperates pass through a compliance process. CyberGhost has generally Root Access to all its servers and administers them itself.
If you feel that your privacy was treated not in accordance with our Policy, or if any person attempted to abuse our Service or acted in an inappropriate manner, please contact us directly at firstname.lastname@example.org. Further, in the event of a data breach, in which we discover your Peronal Data is at risk, we will notify you immediately through your account or the Website or, if technically possible, by sending you an email.
Your rights and Control:
Your principal rights under data protection law in relation to your Persona Data are:
- (a) the right to access and information which is provided to you through your account;
- (b) the right to rectification;
- (c) the right to erasure;
- (d) the right to restrict processing;
- (e) the right to object to processing;
- (f) the right to data portability;
- (g) the right to complain to a supervisory authority; and
- (h) the right to withdraw consent.
To facilitate the exercise of this rights, we have prepared a specialised form that you can complete when making the request, to expedite our response time.
We provide you with the ability to exercise certain choices and controls in connection with our treatment of your Personal Data. Depending on your relationship with us, these choices and controls may include, access to the Personal Data collected about you that we hold; correcting, updating or deleting the information associated with you that we hold; and in the event, you wish to opt out from the data collection or you are not able to exerciser your rights through your account please contact us at: email@example.com. In the event you make such request, note that we may require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.
The following rights (which may be subject to certain exemptions or derogations) shall apply to individuals protected by the CCPA:
- You have the right to know what Personal Information is being collected about you, This include the right to request that we disclose what Personal Information of yours we collect, use, disclose, and sell;
- You have the right to request the erasure/deletion of your Personal Information (e.g. from our records and the records of our service providers). Please note that there may be circumstances in which we are required to retain your Personal Information, for example for the establishment, exercise or defense of legal claims;
- You have the right to know whether your Personal Information is sold or disclosed and to whom;
- You have the right to restriction of, or object to, processing of your Personal Information, including the right to opt in or opt out of sale of your Personal Information to third parties, if applicable, where such requests are permitted by law;
- You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA;
- You have a right to lodge a complaint with your local data protection supervisory authority or before the relevant institutions in your place of residence (e.g. the Attorney General in your State).
- While we cannot guarantee privacy perfection, we will address any requests to the best of our ability as soon as possible. We will process such requests in accordance with applicable laws.
- You can exercise your rights by contacting us at firstname.lastname@example.org or, if you are an individual protected by CCPA, you can make your requests by email. You may use an authorized agent to submit a request on your behalf if you provide the authorized agent written permission signed by you. To protect your privacy and data security, we may take steps to verify your identity before fulfilling your request. We will make every reasonable effort to honor your request promptly in accordance with applicable law and provided it does not adversely affect the rights and freedoms of others. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive
Service Performance Data and CyberGhost VPN Connection Summary Statistics
Through our strict no-logs-policy, we ensure that we do NOT track user traffic performed inside the CyberGhost VPN tunnel such as: browsing history, traffic destination, search preferences, data content, IP addresses or DNS queries. Therefore:
- We do NOT know at any time which user ever accessed a particular website or service
- We do NOT know which user was connected to our CyberGhost VPN service at any given time or which CyberGhost VPN server IP they used
- We do NOT know the set of original IP addresses of a user’s computer
CyberGhost is 100% committed to the no-logs-policy and we do not store them. Logs can easily link actions back to you, and thus at no time can CyberGhost release such logs, as we don’t collect any logs.
You represent and warrant that you are at least 16 years of age and of legal competence to use our Service. If you are under 18, please be sure to read the Agreement with your parents or legal guardians. We do not use the Service to knowingly solicit data from or market to children under the age of sixteen (16). We request that such individuals do not provide Personal Data through our services. If you become aware or have any reason to believe that a child under the age of 13 has shared any information with us, please contact us at: email@example.com and we take reasonable steps to ensure that such information is deleted from our files.
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It's also important to note that we allow third-party behavioral tracking
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion as detailed above. Please note that unless you instruct us otherwise we retain the information we collect for as long as needed to provide the Service and to comply with our legal obligations, resolve disputes and enforce our agreements.
SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA PRIVACY LAW
- California Privacy Rights: California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org Please note that we are only required to respond to one request per customer each year.
- Our California Do Not Track Notice (Shine the Light):
- Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not respond to or honor DNT signals transmitted by web browsers, but we may allow third parties, such as analytics tools providers, to collect personally identifiable information about an individual consumer’s online activities over time and across different web sites when a consumer uses the services.
- Deletion Of Content From California Residents: If you are a California resident under the age of 18 and a registered user, California Business and Professions Code Section 22581 permits you to remove content including Personal Information you have publicly posted. To remove, please send an email to email@example.com. After removal you will not be able to restore removed content. We cannot ensure complete or comprehensive removal of the content, if prohibited by the law.
Data protection officer
Our data protection officer's contact details are: [Venetia Argyropoulou - firstname.lastname@example.org]
Last Updated On: 2021. 9. 21.