Tổng tiền thanh toán:
This policy applies to client versions:
For older versions of this document, please visit the legal archive.
This policy does not apply to service data which may be collected by different products, such as an antivirus app, or to the operation of cookies on our website.
Generally speaking, we need some personal data particularly to provide you our products and services, optimize and improve our products and services, to send you direct marketing, or to comply with our legal obligations. We try to minimize the collection of any data, we aggregate or delete it as soon as possible, and if it is not necessary we don’t collect it at all. We will describe how we process the data in the following sections. But let’s start with what we don’t collect.
Personal data is understood as any information that relates to an identified or identifiable natural person and includes the information you provide to us while using our VPN services.
More specifically, we may collect and process personal data about you in the following situations:
If you use our VPN service, we collect the minimum amount of information needed to provide and operate it, as well as keep it running safely and efficiently. This is the data we collect to make sure our VPN infrastructure works (“Service Data”):
|Service Data||What we use it for|
|Day of connection
E.g. We store the date you were connected together with an internal identifier, but not the exact time: timestamps are floored to either 12 am or 12 pm.
|To troubleshoot for support and abuse handling.
Example: To know the amount of daily active users.
|Rounded amount of data transmitted
E.g. If a user transferred within the session 364MB, we floor it to 300MB. 1843MB of transferred data is floored to 1000MB. We keep just the first digit of the value together with an internal identifier.
|To plan for new network capacity and server improvements.
Example: We may deploy more capacity to meet demand and make sure speeds stay up for all users.
We store server’s service data for 35 days, after which time it is deleted on a rolling basis — data created on Jan 3rd, 2020 gets deleted on Feb 7rd 2020, for example.
In order to make sure our VPN clients do their job properly and without errors we have to know how many specific errors we have. This data pertains to interactions taken in the app, and cannot be used to uncover what you’re using the VPN service for.
|Client Data||What we use it for|
Events such as the attempt to connect, disconnection, connection error, etc. together with an internal identifier exclusively used for this (“connection event identifier”)
|To operate and provide VPN service with high quality. We do not pair any individual user with this data.
Example: How many unknown users get the same error?
Events such as auto-connection, uninstall event, etc. together with an internal identifier (“application event identifier”)
|To plan product development and analytics
Example: How many users do we have? Is a new client-side feature we introduced popular? Are people uninstalling after our latest release?
|Crash reports generated and sent by the user
We might collect data like your e-mail, app version or internal identifiers described above.
|To help troubleshoot the issue. We don’t send any privacy-sensitive data automatically - you need to explicitly allow sending this back to us and check prior to what data is being sent before you share it with us.
Please note that if you provide us together with information above also your personal data, e.g. within an ad hoc crash report that you decide to send to us, we could add this information to the service data and might be able to connect it with you.
Example: App is crashing on some specific device. This is how customer care support can help with device-specific issues.
We store client’s service data for 2 years, after which time it is deleted on a rolling basis — data created on Jan 3rd, 2019 gets deleted on Jan 3rd, 2021, for example.
Note: if you are using an older version of HMA, our apps may be configured to collect your username. While we have set our servers to immediately dump this information for all versions of clients, this is still a potential risk to your privacy. The only way to resolve this is to upgrade your VPN app/service to the latest versions.
When you create an account with us (note: this is necessary in order for you to use the VPN service), we will need some information about you. This is the personal data that is created and stored for the management of your account:
|Account data||What we use it for|
|Email address||To send you purchase receipts, communications, and occasional product news|
|Username (only for legacy versions)||To manage your account and facilitate your login into the service. We do not collect this information anymore. Usernames are used only with older versions of our VPN clients.|
|Activation code||To activate your subscription|
|Subscription renewal date||To tell us until when the account is valid|
All of the above data is stored for as long as you use our service, as it is necessary for us to provide it. However, your Account Data is not paired with your activity usage. You can see all of this data by logging into our Privacy Preference portal.
We rely on third-party payment processors to handle your product purchases. You can find out which provider we are working with for the point of purchase you chose (for example our website, an app store, etc) by looking at your transactional email or receipt.
This is the list of payment processors we cooperate with and their privacy policies:
Some of that billing data may be shared with us in order to detect and prevent fraud, help with customer support, or used as a record of your payment for accounting, taxation, and invoicing purposes. This data is what we call “billing data” and it includes your name, address, email address, the product (subscription you purchased) and for how long, and payment information.
Your payment provider will process your credit card number, but it is not shared with us.
On our side, billing data is stored for as long as you continue to use our service, and for up to 10 years after that. If legal obligations change, or we need to resolve disputes and enforce our agreements, we may be obliged to keep this data longer than that.
If you contact us by email, it will be stored for 6 months, unless required by law or other exceptional circumstances. We do this to speed up our turn around on support and to follow up.
If you are a user of our service or you have subscribed on our website, we will send you such commercial communications through this channel in the form of newsletters, or blog notifications. Please note, if you don’t want to be on our mailing list, you may use the “Unsubscribe” link available in every communication we send you.
Please note that if you provide us with your personal data we might be able to connect the collected service data with you.
To analyze application events from our VPN clients in order to understand how our services function, or how stable or successful they are, we rely on our own analytics tools as much as possible. Here are the third-party tools we use, how we use them, and their privacy policies:
Firebase helps us to understand how people interact with certain aspects of our service. While Firebase normally relies on Android Advertising ID or iOS Identifier for Advertisers, this is not the case of our service because we’ve opted to use our own anonymizing identifiers instead.
As this tool is not necessary for service functioning, you can opt-out of providing us with this anonymized application performance data in our application settings.
This Google tool helps us to improve application stability, pinpoint things that don’t work, and improve your experience. Its implementation doesn’t contain any information that can personally identify you.
Both Firebase Analytics and Crashlytics are subject to Google’s privacy policies
If you’re still on older versions of our service, the following analytics are embedded in them:
We highly recommend that you upgrade to later versions.
As an optional part of the VPN service, we offer the following free extensions.
This policy applies to version 1.1. For older versions of this document, please visit the legal archive.
The proxy extension is provided as a free tool for online privacy protection. Because of that, we need to gather different data to protect our product from abuse.
If you use the free HMA VPN Proxy Unblocker for Chrome and Firefox browsers, this is the personal data that gets collected:
|Service data||What we use it for|
|Your originating IP address||To prevent attacks on our network.
Example: If someone attempts to attack our servers, we will cut off the connection.
|Domain names||To prevent attacks on our network.
Example: If someone attempts to use our servers to attack our own infrastructure, we will cut off the connection.
|Timestamp of requests||To prevent attacks on our network.
Example: If someone attempts to attack our servers, we may report the attacker to their ISP or law enforcement.
We delete all of this data every 30 days on a rolling basis so data created on January 3rd gets deleted on February 2nd, for example.
On the client extension side, we collect data to understand how people are using the extension, troubleshoot it, and plan development. None of this can be used to specifically identify you.
|Client data||What we use it for|
E.g.Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14)
|For user support, troubleshooting, and product development planning
Example: Help us troubleshoot issues with specific configurations.
E.g. User has used Panic Mode feature, etc.
Example: Let us know what features are popular.
We delete this data after 2 years.
Our IP Checker and Panic Button extensions don’t collect any data.
This Common Privacy Information provides information about how we handle and protect your personal data and the choices available to you regarding the collection, process, access, and how to update, correct and delete your personal data that is common to all our products.
Additional information on our personal data practices may be provided in product settings, contractual terms, or notices provided prior to or at the time of data collection.
Our website www.hidemyass.com (“our Site”) and services are operated by Privax Limited, which is a limited company registered in England under company registration number 07207304, with our registered office at 110 High Holborn, London, WC1V 6JS, United Kingdom (referred to as "we," "us," "our," or “HMA”).
We offer the following services:
For specific information on each service and particular categories of processed personal data, please refer to the relevant tab named after the service in the navigation bar.
Personal data is information that relates to an identified or identifiable natural person, such as the personal data necessary to provide you with our service, to create and manage your account, to handle your product purchases, to communicate with you, to optimize and improve our service, and to comply with our legal obligations.
More specifically, we use your personal data for the following purposes relying on the following legal bases:
On the basis of fulfilling our contract with you or entering into a contract with you on your request, in order to:
On the basis of your consent, in order to:
On the basis of legal obligations, we process your personal data when it is necessary for compliance with a legal tax, accounting, anti-money laundering, legal order, or other obligation to which we are subject.
On the basis of our legitimate interest, we will use your personal data for:
When you use our service, you may be using servers located in a variety of different countries. However, there is a difference between use and storage. What little information that gets generated by your use of our infrastructure does not get stored outside of our 2 main borders: the United Kingdom and the Czech Republic.
In all cases, we follow generally accepted standards and security measures to protect the personal data submitted to us, both during transmission and once we receive it. We always strive to protect your data to the maximum extent we can.
By using the service, you acknowledge this transfer, storing or processing.
Concerning storage or retention periods, the specific terms applicable to the various types of data used for various purposes are noted in their respective sections. After these periods elapse, we will delete this data and no longer use it for that specific purpose.
These retention periods may be longer where it is necessary for us to comply with our legal obligations or legal orders, resolve disputes, and enforce our agreements, including in the court of law.
As a rule, we do not disclose any information to other commercial parties, with the following exceptions:
Like any other company, we too go through its own cycle of growth, expansion, streamlining and optimization. Its business decisions and market developments, therefore, affect its structure.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your personal data may be transferred as part of that transaction. We will notify you will be notified of any such deal and outline your choices in that event, when applicable.
In the event we are served with valid subpoenas, warrants, or other legal documents, or where applicable law compels us to comply, or when we are required to defend the rights or property of the Avast Group, including the security of our products and services, and the personal safety, property, or other rights of our customers and employees — we may share your personal data for these purposes as collected above.
As a data subject, you have the following rights regarding the processing of your personal data:
The fulfillment of data subject rights listed above will depend on the category of personal data and the processing activity. In all cases, we strive to fulfill your request.
You can exercise certain of these rights on our Privacy Preference portal (where you can also find more details about your rights and other personal data — related matters) or by emailing us at firstname.lastname@example.org.
We will action your request within one month of receiving a request from you concerning any one of your rights as a data subject. Should we be inundated with requests or particularly complicated requests, the time limit may be extended to a maximum of another two months.
Where requests we receive are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) refuse to act on the request.
For the free versions, we do not and will not maintain, acquire or process additional information solely in order to identify the users of our free products and services. This is simply not necessary for the free versions of our products to be provided to you and function. This means, when you use a free version of our service, you may contact us with a request concerning your personal data.
We maintain administrative, technical, and physical safeguards for the protection of your personal data.
Access to the personal data of our users is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support to end users, or who service user accounts. In the case of third-party contractors who process personal data on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave. Where an individual employee no longer requires access, that individual's credentials are revoked.
We store your personal data in our database using the protections described above. In addition, we utilize up-to-date firewall protection for an additional layer of security. We use high-quality antivirus and anti-malware software, and regularly update our virus definitions. Third parties who we hire to provide services and who have access to our users' data are required to implement privacy and security practices that we deem adequate.
Access to user information in our database by Internet requires using an encrypted VPN, except for email which requires user authentication. Otherwise, access is limited to our physical premises. Physical removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.
If you have any questions or feedback regarding these terms, you can contact us by email: email@example.com. HMA, has also appointed a Data Protection Officer, who can be contacted at firstname.lastname@example.org.
We collect your personal data when you access the website www.hidemyass.com related to Privax or its brand HideMyAss!
We collect your personal data when you access the website www.hidemyass.com related to Privax or its brand HideMyAss!
Cookies are small text files that can be used by websites to make a user's experience more efficient. You can find more about cookies here.
Browser manufacturers provide help pages relating to cookie management in their products. Please see below the relevant links to the main browsers:
For other browsers, please consult the documentation that your browser manufacturer provides.
You can opt-out of interest-based targeting provided by participating ad servers through:
In addition, on your iPhone, iPad or Android, you can change your device settings to control whether you see online interest-based ads in the following manner:
Please note that if you disable cookies, our websites may not function properly or at all or your access to our websites and their features may be affected or restricted.
When you interact with our websites and our affiliate partners, these are the cookies you may encounter, and why we use them:
|Cookie name||How we use it|
_ga with IP anonymization
Example: Understand which pages people find most interesting or confusing.
|Hotjar script cookies:
|Conduct surveys. Only set if you interact with the surveys.
Example: Ask people for feedback.
|To keep you logged in when using your account.|
|To let us know which website referred you to us.
Example: Help us compensate website owners who brought us business.
|Know which friend referred you to us.
Example: Your friend could get an extra free month for recommending us to you.
This Policy was last updated on April 27, 2020.