Privacy Policy
1. Introduction
This Privacy Policy for 1024 Labs EOOD, a company registered with the Bulgarian Commercial Register at the Registry Agency, with unified identification code 207863310, with seat and registered office: Burgas 8000, 20 Samuil Str., fl. 2 (“Company”, “we”, “us” or “our”) describes how and why we collect, store, use and/or share (“process”) your personal data when you use our services (“Services”), such as when you (“client”, “user”, “you” or “your”):
- Visit our website at https://resiprox.com/ (“Website”);
- Create an account (“Account”) at https://dashboard.resiprox.com
- Get access to a trial or purchase our Services;
- Use our Services, including but not limited to proxy services and other services provided by us in accordance with our Terms of Use available on the Website;
- Contact us.
This Privacy Policy is meant to provide you with information on the types of personal data we use, the ways we process it, your rights regarding your personal data, and other relevant information. We process your personal data in accordance with the applicable Bulgarian legislation and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
We are a data controller of your information. The security of your data is of great importance to us. This is why we protect your data by applying all appropriate technical and organizational measures at our disposal to prevent unauthorized access, unauthorized or malicious use, loss, or premature deletion of information.
Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with this Privacy Policy, please do not use our Services. If you have any questions or concerns, please do not hesitate to contact us at: [email protected] or use the “Live Chat” form on our Website.
2. What Data Do We Collect?
2.1 Data Related to Correspondence or Other Types of Interaction You Have with Us or Our Website
We collect personal data when you interact with our Website and/or when you contact us with inquiries, requests, or other communication including via our Website or otherwise. In this respect, we may process the following types of personal data relating to you:
- Data related to correspondence: name; email address and information you provide us within the communication;
- Log files: We follow a standard procedure of using log files when you interact with our Website or contact us. The information collected by log files includes Internet Protocol (IP addresses), browser fingerprint, Internet Service Provider (ISPs), date and time stamp, referring/exit pages, and possibly the number of clicks. The purpose of the information is to analyze trends, administer the Website, track users’ movement on the Website, maintain the security and operations of our Services, and for our internal analytics and reporting purposes.
- Cookies: In relation to the management and maintenance of the Website, we may use cookies and other similar technologies, e.g., web beacons (beacons/ web bugs/ pixel tags/ clear GIF technologies) to ensure its reliable and efficient operation. You can find out more about the different types of cookies we use, as well as about your options for managing cookies by reading our Cookies Policy published on the Website. The Cookie Policy constitutes an integral part of this Privacy Policy unless expressly stated otherwise.
2.2 Data Related to Creating an Account and/or Using Our Services
We collect personal data that you provide to us when you create an Account, purchase our Services, use our Services, express an interest in obtaining information about us or our Services, or otherwise when you contact us in relation to the Services.
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the Services you use. The personal information which we collect may include the following:
- Information about you when you create an Account and/or request to access our Services: name and surname; email address; username; password. We may also collect information regarding your reasons for using our Services.
- Technical data: IP address, geographical location, browser fingerprint and version, Internet Service Provider (“ISP”), operating system, date and time stamp, source Internet Protocol (“IP”), destination domain or IP, website response codes, used proxy server, request/response of the proxy server, connection duration, amount of bandwidth used, and in some cases the number of clicks;
- Payment data: We use third-party providers to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit/debit card numbers. Rather, all such information is provided directly to our third-party payment providers whose use of your personal information is governed by their privacy policies. The third-party payment providers which we use are listed on our Website. In cases when You make payments directly to us via a bank account transfer, we may process your bank account number and other financial information provided by you.
- Log files: We follow a standard procedure of using log files also when you create an Account and/or use our Services. The information collected by log files in such cases includes IP addresses, browser fingerprint, ISPs, date and time stamp, referring/exit pages, and possibly the number of clicks. The purpose of the information is to administer the Services, maintain the security and operations of our Services, and for our internal analytics and reporting purposes.
2.3 Cookies and Similar Technologies
In relation to the management and maintenance of the Website, we may use cookies and other similar technologies, e.g., web beacons (beacons/ web bugs/ pixel tags/ clear GIF technologies) to ensure its reliable and efficient operation. You can find out more about the different types of cookies we use, as well as about your options for managing cookies by reading our Cookies Policy published on the Website. The Cookie Policy constitutes an integral part of this Privacy Policy unless expressly stated otherwise.
2.4 Minors’ Data
Our Services are not meant for use by users who are under 14 years old. If we become aware that we have accidentally collected personal data from a person under the age of 14 years, we will do our best efforts to promptly remove such information from our records.
3. Why Do We Process Your Personal Data?
We process your personal data for a variety of reasons, depending on how you interact with us and our Services, including:
- To facilitate Account creation and authentication and otherwise manage user Accounts;
- To check the identity of our clients or their representatives;
- To deliver and facilitate the delivery of Services to users;
- To respond to users’ inquiries and offer support to users;
- To send administrative information to you – we may process your personal data to send you details about our Services, changes to our terms and policies, and other similar information;
- To request feedback – we may process your personal data when necessary to request feedback and contact you about your use of the Services;
- To send you marketing and promotional communication – we may process your personal data for our marketing purposes if this is in accordance with your marketing preferences. You can opt out of any marketing-related communication at any time. For more information, see the section “What are your privacy rights?” below;
- To protect our Services – we may process your personal data as part of our efforts to keep our Services safe and secure;
- To identify user trends – we may process information about how you use our Services to better understand how they are being used so we can improve them;
- То fulfill our legal obligations for reporting to the relevant national and EU authorities;
- To fulfill our obligations related to online commerce under the Bulgarian E-Commerce Act;
- To fulfill our obligations related to the Bulgarian Accountancy Act and other applicable accountancy and tax legislation;
4. Personal Data Processing for Marketing Purposes
We may use your personal data to contact you with marketing-related offers and promotional communication.
You will receive information about our Services if you provide your contact details in the “Live Chat” form on our Website. We consider that by providing your information in the “Live Chat” form you give us consent to contact you for purposes mentioned in this section.
In cases where applicable law permits us to contact you without separate consent, we will contact you under the legal basis of our legitimate interests to make you an offer of our Services. You can opt out from marketing-related communication that we send you at any time by clicking an unsubscribe button in our emails or by contacting us at [email protected].
5. What Legal Bases Do We Rely on to Process Your Personal Data?
The GPDR requires us to explain the valid legal bases we rely on in order to process your personal data. As such, we may rely on the following legal bases to process your personal information:
- Performance of a contract: we process your personal information when it is necessary to fulfill our contractual obligations to you, including providing our Services.
- Legitimate interest: we process your information when it is reasonably necessary to achieve our legitimate interest and those interests do not outweigh your interest and fundamental rights and freedoms.
- Legal obligations: we process your information where it is necessary for compliance with legal obligations, such as to cooperate with public authorities, exercise or defend our legal rights.
- Consent: we may process your personal information if you have given us consent to use your personal information for a specific purpose.
6. Third Parties Processing Your Data
6.1 Third Parties Processing Data on Our Behalf
We use certain service providers (“data processors”) to process your personal data. Such data processors include but are not
limited to: email service providers, online live chat service providers, customer support specialists, data analysis service providers, payment service providers, web hosting companies. In all cases, your personal data is disclosed only to the extent necessary for the provision of their services. We do not share your data with any third parties that are not our service providers.
Our data processors are usually based in the European Union (EU)/ European Economic Area (EEA). If in the future a situation arises where upon transferring of data to third parties, incl. our business partners and service providers, your personal data are transmitted to countries outside the EU/EEA which do not ensure the same level of protection as the one ensured by the applicable European legislation, then the transfer of data will be based on a decision of the European Commission (EC) in accordance with applicable law regarding the adequate level of personal data protection or in the absence of such a decision, based on standard contractual clauses of the EU in accordance with the decisions of the EC.
6.2 Third Parties Processing Data in Their Own Name
Under certain circumstances third parties may also process your personal data in their own name. Such third parties may include: (i) competent authorities which by virtue of a statutory act have the power to require the provision of information, including personal data, such as – courts, prosecutor’s office, various regulatory authorities such as the Commission for Personal Data Protection, National Social Security Institute, National Revenue Agency, authorities with powers to protect national security and public order, etc.; and (ii) vendors of proxy servers and proxy-related services;
7. What Are Your Privacy Rights?
In accordance with the GDPR, you have the following rights:
- Right to information: you have the right to obtain information regarding the processing of your personal data by us. This Privacy Policy aims to inform you in detail about the processing of your personal data in relation to your use of the Services, as well as your communication with us.
- Right of access: you have the right to obtain information relating to the processing of your personal data, as well to request a copy of such personal data in electronic or other suitable form, including through visualization in your profile.
- Right to rectify or complete: you can at any time rectify or complete inaccurate or incomplete information concerning you directly through your account or by sending us a request via e-mail.
- Withdrawal of consent: you have the right to withdraw your consent, where the personal data you have provided to us is processed based on consent. However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- Right to erasure (“right to be forgotten”): you can require the deletion of your personal data to the extent permitted by law and to the extent the exceptions under Art. 17, para 3 of the GDPR do not apply.
- Right to restriction of processing: you have the right to obtain from us restriction of processing in accordance with applicable law.
- Right to data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
- Right to object: you have the right to object against the processing of your personal data pursuant to Art. 6 of the GDPR (to protect our legitimate interest), as well as when such personal data is processed for the purposes of direct marketing or profiling.
You can exercise your rights at all times free of charge via submitting a request to e-mail [email protected]. We will make reasonable efforts to respect your request within 30 days of receiving your application. This term may be extended by a further two months, taking into account the complexity and the number of requests. The requests should allow for the identification of the data subject, otherwise, we will not be able to properly respect your request.
In case of violation of the principles of data protection or your rights according to this Privacy Policy or applicable law, you could file a complaint before the competent national supervisory authority:
Bulgarian Commission for Personal Data Protection
Address: Sofia, 1592, Tsvetan Lazarov Blvd.
Phone: +359 2 915 3580
Email: [email protected]
Website: www.cpdp.bg
8. How Long Do We Store Data?
We only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy unless a longer retention period is required or permitted by law (such as tax, accounting or their legal requirements).
8.1 Storage of Data Related to Correspondence or Other Types of Interaction You Have with Us or Our Website
8.1.1
In the absence of a storage period prescribed by law, the personal data contained in correspondence with us (including, but not limited to, inquiries, requests, complaints, applications, and signals (including free text) and any other communication with us), incl. information on the processing, status and final outcome of this correspondence, will be stored for a period of up to 5 years from the completion of the respective correspondence and the related relations.
8.1.2
Logs for statements of intent made on the Website, such as acknowledgment of having read this Privacy Policy when using the contact form with us, are stored for a period of up to 5 (five) years after the completion of the relevant communication with us.
8.1.3
Logs for other activities carried out on the Website shall be stored for the periods specified in item 8.4.1 below.
8.1.4
We store other log files when you interact with our Website or contact us for a period of up to 1 year.
8.2 Storage of Data Related to Creating an Account and/or Using Our Services
8.2.1
We will store your personal information for the whole period of maintenance of your Account. After your Account is deactivated and/or deleted or in case your Account has been inactive for more than 1 year, we will keep your personal data for the purposes and in the manner set out in the current Privacy Policy for a period of 5 years for the purpose of protecting our legitimate interest in case of court or administrative disputes with users.
8.2.2
We store traffic data which allows for the identification of the connection source, the destination of the connection, the date, time and duration of the connection, the type of connection, the end device of the user/the device that poses as the end device of the user, and the amount of bandwidth used by you when using our Services for a period of up to 6 months.
8.2.3
We store other log files related to the creation of an Account or usage of our Services for a period of up to 1 year.
8.3 Storage of Other Data Collected by Us in Relation to Financial Terms and Conditions
8.3.1
Information related to financial terms and conditions (for the purposes of accounting financial statements and subsequent financial inspections) will be kept for 10 years after the reporting period to which it relates, unless another period is envisaged under applicable law.
8.4 Storage of Personal Data Based on Consent
8.4.1
When the processing of your personal data is based on consent which is not time-limited, we may continue to process your personal data for the purposes for which you gave us this consent until you withdraw it or until the final achievement of the purposes for which we process them. You may withdraw your consent at any time. When the consent you have given us for the processing of your personal data is time-limited, we will process the relevant personal data only for the period for which you have given us such consent.
We will inform you in case the period for storage of your personal data should be extended for the purposes set out in this Privacy Policy, including for the protection of our legitimate interests.
When we have no ongoing legitimate interest needs to process your personal data, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
9. Security Measures
To ensure adequate protection of your data, we apply appropriate technical and organizational measures at our disposal to prevent unauthorized access, unauthorized or malicious use, loss, or premature deletion of information.
We store your data in secure electronic environments, and we restrict access to it to individuals who are authorized to access it. Our employees are trained to maintain the confidentiality of personal data. In order to maximize the security of the processing, transmission, and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, backup archives, etc.
10. Notification in the Event of a Personal Data Breach
Where a personal data breach is likely to pose a high risk to your rights and freedoms, we will provide you with proper notification of the security breach.
We do not send a notification if any of the following conditions are met:
- we have taken appropriate technical and organizational measures to protect your personal data affected by the security breach;
- we have subsequently taken measures to ensure that the high risk to your rights and freedoms is no longer likely to materialize;
- individual notification requires efforts that are disproportionate. In such a case, we may make a public announcement or take another similar measure so that you are equally effectively informed.
11. Others
We may update the terms of our Privacy Policy periodically. We will notify you of any changes made to the terms of our Privacy Policy by publishing our new Privacy Policy on our Website and we shall indicate the date on which it was updated. Changes to