NP
NorthernVPN

GDPR Compliance

Last Updated: June 1, 2025

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), users in the European Union have the following rights:

  • Right to Access: You can request a copy of your personal data.
  • Right to Rectification: You can request corrections to your personal data.
  • Right to Erasure: You can request deletion of your personal data.
  • Right to Restrict Processing: You can limit how we use your data.
  • Right to Data Portability: You can request your data in a machine-readable format.
  • Right to Object: You can object to the processing of your personal data.
  • Right to Not be Subject to Automated Decision-making: You can request human intervention in automated decisions.

How We Process Your Data

We process personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our VPN service.
  • Legal Obligation: Processing required by law.
  • Legitimate Interests: Processing that serves our legitimate business interests while respecting your rights.
  • Consent: Processing based on your explicit consent.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security:

  • End-to-end encryption of VPN connections
  • Strict access controls and authentication measures
  • Regular security audits and assessments
  • Employee training on data protection
  • Data minimization practices

International Data Transfers

When we transfer data outside the EU/EEA, we ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

Data Protection Officer

Our Data Protection Officer can be contacted at: [email protected]

Exercising Your Rights

To exercise your GDPR rights:

  1. Email us at [email protected]
  2. Use the subject line "GDPR Rights Request"
  3. Specify which right(s) you wish to exercise
  4. Provide necessary information to verify your identity

We will respond to your request within 30 days.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with GDPR requirements.