Data Processor Privacy Policy

Data Processor Privacy Policy

Effective Date: 30.01.24

1. Introduction

Welcome to iProxy.online (“Company”, “we”, “our”, “us”, “iProxy”).

We operate https://iproxy.online and the iProxy mobile application, offering infrastructure for creating and managing mobile proxies on Customer Android devices.

In cases where a Customer offers others access to a proxy created by them, as per Section 6 of the Terms of Service, they become the data controller for the personal data of those individuals to whom they grant access (End Users). In this scenario, iProxy acts as the data processor of personal data.

iProxy processes personal data in the course of service provision to its Customers according to their instructions. The Customer is the Controller that determines the purpose of data processing, exercises control over the User’s personal data, and stipulates the retention period of the User’s data according to its purposes. iProxy, in turn, is a Processor that conducts only those data processing activities that the Customer requests.For clarity, we store technical data and usage information that passes through our servers when end users utilize proxy accesses created by our Customers.

Before undergoing such procedures, the user is duly notified by the Customer in accordance with the Customer's Privacy Policy.

This policy details our commitments and responsibilities in our capacity as a data processor.

This Privacy Notice outlines how we process personal data, commit to protecting your information, and provide the framework through which effective management of data protection matters can be achieved while providing our Services. This Privacy Notice does not cover how iProxy Customers may treat Users' personal data. Customers provide this information in their privacy statements which are not subject to iProxy's control.

2. Definitions

Service means the https://iproxy.online website and iProxy – Mobile Proxies mobile application operated by iProxy.

Personal Data means data about a living individual who can be identified from that data (or from those and other information either in our possession or likely to come into our possession).

Data Subject is any living individual who is the subject of Personal Data.

Customers are Individuals or entities, who enter into an Agreement with iProxy and to whom iProxy provides services in accordance with such an Agreement. The category "Trusted sellers" is not separated from the "Customer" category for the purposes of this policy (for more information about Trusted sellers, please refer to the Terms of Service).

End Users are Individuals or entities, who directly use the mobile proxies, created by our Customers on iProxy software infrastructure.

Usage Data is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).

Data Controller the Customer where it, alone or jointly with others, determines the purposes and means of the processing of personal data by written instruction for processing activities given to iProxy;

Data Processors iProxy where it processes personal data on behalf of a Data Controller;

Third-Party Processors processors authorized to exercise certain processing activities under the direct authority of iProxy;

Processing any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

EEA European Economic Area (the European Union Member States, Norway, Iceland and, Liechtenstein);

AML/CFT Anti-Money Laundering / Combating the Financing of Terrorism legal rules and standards as envisaged in FATF recommendations, EU regulations, and national legislation.

3. Principles of personal data processing that iProxy adheres to

iProxy adheres to the principles of personal data protection as envisaged in the EU GDPR and the UK GDPR. In accordance with these principles, iProxy assists the Controller in ensuring that the User’s personal data is:

1. Processed fairly and lawfully and in a transparent manner in relation to the Data Subject;

2. Processed for specified, explicit, and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;

3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;

4. Kept accurate and up to date;

5. Retained in a form permitting identification of Data Subjects for no longer than is necessary for the purposes for which they are processed;

6. Processed in a manner that ensures their appropriate security;

7. Not transferred outside the European Economic Area (EEA) or the UK without adequate protection.

4. Information We Process

As part of providing our service to our Customers, we process the following data regarding End users:

**Usage data: ** Customer identifier, IP address, timestamps of your internet service activities (login, logout, etc), browser history.

Technical data: phone identifier, user’s phone model, information about the phone system, mobile carrier information, as well as the volume of traffic (both incoming and outgoing).

5. Purpose of Data Processing

Given the fact that proxies are often used by individuals to conceal their real mobile IP addresses and ensure online anonymity, we acknowledge the possibility that some users may utilize proxies for unlawful purposes. As a responsible company, we are committed to preventing the illicit use of our infrastructure. In alignment with public interest and legal compliance, we retain technical information and logs of End users for a period of two years. This measure is crucial to assist law enforcement agencies in the investigation of criminal activities, thereby upholding our commitment to legal and ethical standards in our operations. Our proactive approach in this regard reflects our dedication to maintaining a safe and lawful internet environment.

6. Data processing activities

iProxy facilitates the following types of automated processing: data storage, disclosure through transmission to authorized entities upon their request, and data erasure or destruction.

7. Information We do not Collect

We do not knowingly collect personally identifiable information from persons under 18 as we do not provide our Service to persons under 18. If you become aware that a child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children, we take steps to remove that information from our servers.

iProxy does not intentionally collect sensitive personal information such as social security numbers, genetic data, medical information or religious information. Although iProxy does not intentionally request or collect any confidential personal information, we understand that users can transmit this kind of information to iProxy by sending it to us using proxy accesses created using our infrastructure. If you store any confidential personal information on iProxy servers, you consent to the storage of this information on our servers.

8. The lawfulness of personal data processing

In line with Article 6 of the EU and UK GDPR, Controllers should rely on an appropriate legal ground when processing personal data. Most of our Customers rely on the following grounds for processing personal data:

• Article 6(1)(c) of the GDPR: “[personal data] processing is necessary for compliance with a legal obligation to which the controller is subject”;

• Article 6(1)(e) of the GDPR: “[personal data] processing is necessary for the performance of a task carried out in the public interest”;

• Article 6 (1)(a) of the GDPR: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”.

9. Data Retention

Data is retained only as long as necessary for the purposes for which it is processed or as mandated by legal requirements, after which it is securely deleted or anonymized.

We are committed to preventing the illicit use of our infrastructure. In alignment with public interest and legal compliance, we retain technical information and logs of end users for a period of two years.

10. Data Subjects’ rights

Upon written request from the Customer, iProxy assists the Customer in exercising the Data Subject’s rights. According to privacy laws, you have the right:

• Request access to your personal data.

• Request correction of your personal data.

• Request erasure of your personal data.

• Object to processing of your personal data.

• Request restriction of processing your personal data.

• Request transfer of your personal data.

• Right to withdraw consent.

to ask iProxy to execute the rights mentioned above or redirect the request to the Customer, you should send a free-form email to ceo@iproxy.online. The information on actions taken in response to any request is provided to you within one month. That period may be extended by two further months where necessary, considering the complexity and number of the requests. In this case, we will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

Please be kindly aware that when you ask us for the execution of the rights as stated above, we may have to take steps to verify that you are the legitimate data owner and/or authorized to make the request due to the Customer's request or our own legal obligation.

iProxy guarantees that making a request for receiving personal data is free unless a reasonable cost is to be charged where requests are unfounded or excessive, or repetitive in character.

11. Data Transfer and Sharing

We engage with third-party service providers to facilitate our service, adhering to strict data confidentiality and security standards. Data is only shared as necessary and under contractual obligations ensuring data protection.

If the Customer agrees, iProxy may have to apply third parties for data processing activities, which include the following categories:

Third-party processors as reasonably necessary for the provision of a service under the Agreement with a respective Customer;

iProxy requires the Third Parties to respect the security of personal data and treat it according to the applicable law. In addition, Third Parties are mostly limited to only accessing or using personal data to provide services to iProxy and must provide reasonable assurances they will appropriately safeguard the data

Recipients. Where it is required by law, iProxy may have to provide personal data to the Recipients, which includes the following categories:

Governmental bodies and regulatory authorities, judicial bodies, investigation bodies, sworn bailiffs, and notaries based on written and concrete requests or the duties binding upon iProxy or its Customers stipulated by the legal enactments. Such sharing is conducted in line with strict compliance with derogations of the EU GDPR and the UK GDPR;

12. International data transfers

iProxy confirms that all personal data is submitted by Data Subjects iProxy’s servers located in the EU and/or subject to any national localisation requirements in the respective countries where such requirements exist. The Customer may choose the location of personal data processing (including storage) to comply with the applicable laws.

Where it is necessary for service provision or to ensure convenient and reliable communication with the Data Subjects, iProxy transfers personal data outside of the EU/EEA, or the UK to the Third-Parties and Recipients.

Whenever a transfer of personal data outside the EU or the EEA is carried out, iProxy implements appropriate safeguards as set out in Chapter V of the EU GDPR by transferring on the basis of the EU Adequacy Decision (or UK Adequacy Regulations) and by concluding Standard Contractual Clauses with the Controller. Third-Party Processors likewise rely on appropriate safeguards, which include Binding Corporate Rules, Standard Contractual Clauses, etc. Cross-border personal data transfers from the UK to the EU/EEA countries are permitted by the UK Government.

13. Security Measures

We take all reasonable steps to protect information we receive from you from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We have put in place appropriate physical, technical and administrative measures to safeguard and secure your information, and we make use of privacy-enhancing technologies such as encryption.

However, the security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. If you have any questions about the security of your personal information, you can contact us at ceo@iproxy.online​.

14. Updates to Policy

This policy is subject to updates and changes, reflecting our evolving practices or changes in legal requirements. Users will be notified of significant changes through our website or direct communication.

15. Contact and Inquiries

Queries regarding our data processing practices can be directed to ceo@iproxy.online. EU, UK, and Swiss residents can contact our EU representative at the same email for specific inquiries.