PRIVACY AND DATA PROTECTION POLICY

Last modified: 15 March 2021

Effective date: 15 March 2021

This Privacy and Data Protection Policy (“Policy”) is effective as of the date set forth above. VAKU APPS LTD (“Company”, “VAKU APPS LTD”, “We”, “Us”, “Our”), operating with Mobile VPN application (“App”) and website https://vaku.app/ (“Website”), is committed to honoring and encouraging the protection of your privacy as a user who uses the App (“you”, “your”, “User”).

You may print a copy of this Policy for your records.

We act as a Joint Data Controller

Joint data controller is a legal person that jointly with other data controllers determines the purposes and means of the processing of personal data, with regard to personal data of Our App Users. We act as a Joint data controller together with the Google LLC (“Google Analytics”, “Google”) and YANDEX LLC (“Yandex.Metrica”, “Yandex”). We determine the purposes of processing of your personal data regarding our business interests. Google and Yandex determine means of processing of personal data and purposes of processing of your personal data regarding their business interests.

This Policy applies to every individual whose personal data is collected by the Google Analytics and Yandex.Metrica (“Partners”) through the App and other persons whose personal data is lawfully disclosed to and processed by our Partners (“Data Subjects”). This Policy describes how our Partners collect and how We and our Partners process the your personal information our Partners collect.

Questions, comments and complaints about the data practices related to the App can be submitted to the following address:

VAKU APPS

Phone number: +357 25 057505;

Email address: vpn@vaku.app ;

Attention: Christos A. Photiades.

Collected Data

We do not collect data. Your personal data is collected by our Partners. Our Partners collect personal data related to your activity on the respective app store or distribution platform and within the App/Website by means they determine to be appropriate for that.

The types of your personal data collected by Google Analytics includes:

You may see a detailed list of the personal data Google Analytics collects about you at:

Yandex.Metrica collects the following data concerning your experience during usage of the App/Website:

You may see a detailed list of the personal data Yandex.Metrica collects about you at https://yandex.ru/support/metrica/code/data-collected.html?lang=en.

Remember, We do run automated decision-making software based on all the data we receive. We do use personal information We receive from our Partners, namely the data regarding time of User’s actions within the App/Website, ID of User’s device, name of version of the app and country from which User has accessed the App/Website for profiling to analyze the Users' experience within the App, how Users use the Services and App and to enhance the App.

Cookies and Third-Party Technologies

We do not use cookies. Our Partners use cookies and other identification technologies on the App/Website.

Cookies are small text files that are stores on devices by apps. Cookie may contain your unique identifier and typically serve to improve your experience of Internet surfing: for instance, due to cookies, you are able to browse pages you have once visited quickly, to set your unique options in “settings” menus, as well as monitor your way through the webpages in order to aggregate precise information about your navigation and preferences, so the app owners may analyze the information and offer you a better service and relevant ads in the future.

You may learn more about cookies our Partners use at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage and

https://yandex.ru/support/browser-beta/personal-data-protection/cookies.html?lang=en

Purposes to use cookies

Our Partners collect Your cookies for a few reasons:

Third-party websites

Third parties may display their advertisements within the App. When you click on third-party advertisement, it may redirect you to the website of such third party outside the App. Such website may collect your personal data according to its own rules and policies. We are not responsible and hold no liability regarding your personal data by the third-party websites.

We advise you to access the third-party websites carefully and always check their policies and rules regarding the collection of your personal data.

How We Use Personal Data

Our Purposes

Our App is aimed at powering-up, energy saving, cleaning cache and managing your phone and other services, according to Our Terms of Use. Thus, We need your data to provide you with the respective services.

Likewise, We will use your personal data for the following purposes:

Processing personal data for marketing purposes

Our Partners process your personal data and allow Us to process your personal data for marketing purposes on a basis of your consent. Our Partners warrants they have received your consent for receiving of marketing communications from us. Marketing communication may include the right of the Company to notify the User about the App updates, new services, marketing proposals and related notifications.

You are not under any obligation to provide our Partners with your personal data for marketing purposes. You can withdraw your consent to your personal data being processed for the purposes of marketing communications at any time by contacting Us at email address vpn@vaku.app or directly via the App.

If you do choose to withdraw your consent, this will not mean that Our processing of your personal data before you withdraw your consent was unlawful.

Disclosure of Your Personal Data

We ensure We always include the controls and warranties embodied in this Policy to the contracts and agreements. We work under the respective contracts and agreements with our Partners and contractors whom We grant access to your personal data.

Your Age

Before using Our Services, you have to reach the age recommended/established under the Terms of Use and Privacy Policy of Google and Yandex. Google and Yandex ensure and warrant that you have reached the age at which applicable laws permit you to use the App and to collect your personal data. We fully rely on such warranties of Google and Yandex and promptly react to any reports regarding the inappropriate age of Users of the App. We do not normally provide services to subjects of the inappropriate age. Subsequently, We do not process their personal data. We reserve the right to implement any tools and techniques to reveal the human trafficking and exploitation of children, and report them immediately to the appropriate state authorities and enforcement agencies, including the personal data associated with the activities which, at Our own discretion, are suspicious and may raise concerns about their association with the violation of applicable laws.

By using or accessing Our App/Website, We believe that such Data Subjects have reached the age recommended/established under the Terms of Use and Privacy Policy of Google and Yandex and have all rights to enter into an agreement with Us as to the receipt of Services and use of App, as well as process personal data under Data Subjects’ consent for the purposes We mention in this Policy.

If you know that our Partners process personal data of User of inappropriate age , please inform Us by sending email at vpn@vaku.app.

Retention of Personal Data

We do not store your personal data, except the data regarding time of User’s actions within the App/Website, ID of User’s device, name of version of the app and country from which User has accessed the App/Website. Our Partners and We store your personal data collected during your activity on the respective app store or distribution platform and within the App/Website.

You can find the information about the way your personal data is stored, processed and deleted by the Google and Yandex at:

We will process your personal data for as long as you will use the App/Website or for as long as needed to provide you with the Services. In case you will stop to use the App and delete the App from your device we will not process your personal data anymore, except when it is properly justified under Our business needs.

State authorities, enforcement agencies, courts

We may be legally obliged to disclose your personal data to the competent state authority, enforcement agency or a court in case We receive a mandatory request for such disclosure from them.

We may be proactive and address the competent authority in case We suspect a violation of law to be committed in association with your use of Our App/Website.

Your consent

We will notify you of the purposes and scope of the disclosure and ask for your permission in case your personal data is to be shared with a third party not mentioned in this Policy.

Right to Withdrawal of Consent

You have a right to withdraw consent to processing of your personal data. You may enjoy this right at any time you wish. Please remember, that the withdrawal of consent does not mean that the processing before the withdrawal is considered thus illegal.

If you want to withdraw your consent to processing of your personal data, you should contact our Partners, namely Google or Yandex, in this regard, Subject to your withdrawal of consent to processing of your personal data, our Partners have to inform us about this. Once our Partners will inform Us in this regard, we will stop to process your personal data. We fully rely on our Partners regarding your withdrawal of consent to processing of your personal data.

Before withdrawing your consent, take into attention the outcome such withdrawal may entail.

Cross-border Transfer of Data

Our headquarters is in the Russian Federation. We make every possible effort to protect entrusted data against unauthorized access, including two-factor authentication procedures, regular password changes, due diligence of privacy procedures and other appropriate and reliable measures provided by Our Partners.

Some data may be accessed and processed by the following companies:

NAME PURPOSE COUNTRY PRIVACY POLICIES
Yandex LLC (Yandex Appmetrica) analysis of the Users' experience within the App and how Users use the Services and App Russia Reference for review
Google LLC (Google Ads, Google Admob, Google Firebase) analysis of the Users' experience within the App and how Users use the Services and App Ireland, USA Reference for review
Unity Technologies analysis of the Users' experience within the App and how Users use the Services and App USA Reference for review
Facebook Inc. analysis of the Users' experience within the App and how Users use the Services and Ap Ireland, USA Reference for review
AdinPlay BV analysis of the Users' experience within the App and how Users use the Services and Ap The Netherlands Reference for review
AppLovin Inc. analysis of the Users' experience within the App and how Users use the Services and Ap USA Reference for review
Pollfish Inc. analysis of the Users' experience within the App and how Users use the Services and Ap USA Reference for review

We also may use support from the specialists skilled in performing tasks to enhance our Services as well as other independent contractors, e.g. IT specialists, accountants, auditors, lawyers, etc, provided that all adequate safeguards are put in place.

In order to secure the adequate level of protection, We implemented the Standard Contractual Clauses as well as signed Data Processing Agreements in the relationships with the engaged contractors, so they are bound to preserve at least the same level of personal data protection as it is granted by the law applicable to us.

Data Breaches

We take all reasonable steps to minimize the risk of the personal data breach while processing the personal data. The risk assessment We have to carry out has to determine whether the risk to the rights and freedoms of the Data Subjects affected is judged to be sufficiently high to justify notification to them.

In the case of a personal data breach, We will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of the Data Subjects. Also, in the case of a personal data breach, which is likely to result in a high risk to the rights and freedoms of the Data Subjects, We will without undue delay notify the appropriate Data Subject the personal data of which were breached. If measures that have subsequently been taken to mitigate the high risk to the Data Subjects, so that it is no longer likely to happen, then communication with the Data Subject is not required.

We will document all personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the competent authority to verify compliance with the GDPR if necessary.

Your Rights

There is a scope of rights you may enjoy as to personal data protection with regard to GDPR and CCPA.

The list of rights protected under GDPR is as follows:

The list of rights protected under CCPA is as follows:

We pay your attention to the fact that depending on your request regarding the exercising any of your rights provided hereinabove you may need to contact our Partners to exercise such right. You are able to check the details of procedure of exercising any of your rights provided hereinabove at:

We do not charge any fees in relation to exercising your rights (unless We receive repetitive requests without a clear justification behind the need to request the information within such short periods of time; in this case, We may charge you a small fee to compensate the expenses that incur due to the repetitive and excessive character of requests). We typically do Our best to answer you as soon as possible or within the reasonable period taking into account the complexity of the request, but in case We are processing a large amount of requests the answer may took Us longer than you might expect.

You can send Us the request via email vpn@vaku.app or directly via the App. Please verify that your request comprises the details:

We may ask you to provide Us with some information We already have to verify that it is you or holder of parental responsibility on your behalf.

Personal Information Sales Opt-Out and Opt-In Rights

We do not sell your personal data or disclose your personal data for business purposes.

You might provide us with the affirmative authorization to sell your data (the “right to opt-in”). If you are between 13 and 16 years of age, you can provide such personally. If you are less than 13 years of age, such affirmative authorization has to be provided by your parent or guardian. If you opt-in to personal information sales you may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to Us by sending Us a message via email vpn@vaku.app or directly via the App.

After you make an opt-out request, you may change your mind and opt back in to personal information sales at any time by visiting Our App/Website and sending Us a message. We will only use personal information provided in an opt-out request to review and comply with the request.

Complaint Lodgement

In case you are convinced We are somehow infringing your personal data rights granted by the GDPR, you may lodge a complaint with the supervisory authority. Our lead authority is:

Name: Office of the Commissioner for Personal Data Protection

Address:Iasonos 1, 1082 Nicosia, Cyprus

Telephone: +357 22818456

E-mail:http://commissionerdataprotection.gov.cy/.

We kindly invite you to share your concerns with Us first regarding any issue related to processing of your personal data. You may use the following channels to address your inquiries:

Email address: vpn@vaku.app.

Updates to the Policy

We may occasionally update this Policy.

We reserve the right to change the Policy (at its own discretion and at any time). If We make significant changes, We will notify you of the changes on Our App or through others means, such as email, before they enter into force. See more in Terms of Use.

The Company may revise this Policy from time to time but no less than once at every 12 months . If the Company makes material changes to this Policy, it will notify the Data

Subjects by e-mail or by posting a notice within the App prior to the effective date of the changes. By continuing to access or use the Website after those changes become effective, Data Subjects agree with the revised Policy.