While it is possible to use the Website without providing personal data, if you wish to utilize SPY24 Services through our Website, collecting and processing personal data may be necessary. In such cases, we generally seek consent from the user as a data subject unless personal data processing is available under other lawful grounds (such as legitimate interests or contract execution).
As the controller, the Company has implemented various technical and organizational measures to ensure the utmost protection of personal data processed through this Website.
Personal data refers to any information related to an identified or identifiable natural person (“data subject/user”). An identifiable natural person is someone who can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or other factors specific to their identity.
Data subject/user refers to any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing, such as a user of the SPY24 Services.
Processing includes any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, alignment, combination, restriction, erasure, or destruction.
Pseudonymization refers to the processing of personal data in a way that no longer allows attributing it to a specific data subject/user without additional information. This additional information is kept separately and subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
Encryption is a security measure that protects personal data. It involves converting personal data into an encoded and unintelligible form using encryption algorithms and a key, which can then be decoded using a decryption key or code.
Consent of the data subject/user refers to any freely given, specific, informed, and unambiguous indication of the data subject/user’s wishes, expressed through a statement or clear affirmative action, signifying agreement to the processing of their personal data.
The Controller for the purposes of the General Data Protection Regulation (GDPR), as well as other applicable data protection laws in European Union Member states and related provisions, is Altercon Group s.r.o.
(registered address: Londynska 730/59, Vinohrady, 120 00 Praha, Czech Republic, reg. number 06746764). Contact email: [email protected]
PERSONAL DATA COLLECTION AND USE
Accessing our Website does not require providing personal data.
The Purpose of processing your personal data the Company and the collection of information about you include:
Your expressed intention is to utilize the services provided by SPY24.
In order for SPY24 to effectively deliver the services that have been ordered and purchased by the user, it is necessary to collect and utilize certain data in accordance with Article 6.1.b of the GDPR. This collected data is essential for SPY24 to accurately identify and invoice the user, as well as process payments using the provided bank card number.
Additionally, this data is utilized for the purpose of verifying your identity and providing customer care service and assistance. It is also analyzed to gain insights into the usage of our website and SPY24 services, which allows us to improve the overall service quality and user experience, ultimately leading to increased engagement and retention.
We may utilize your personal data to achieve the following objectives:
(a) Enhance your browsing experience by personalizing the website and improving the SPY24 services.
(b) Send important information to you via email, such as registration status updates, password verification, and payment confirmations.
(c) Communicate with you regarding your use of the SPY24 services.
(d) Provide statistical information about our users to our partners through secure channels under data processing agreements (DPA). Additionally, we may send you marketing and promotional materials.
To become a user of SPY24 services, it is necessary for you to provide your personal data during the registration process and when purchasing software and/or services.
To fulfill this purpose, we collect and process two types of information:
- Aggregate tracking and website usage information is automatically gathered when you access our website. This includes details such as browser types and versions, operating systems, referrers, date and time of access, internet service providers, data from analytics systems (such as Google Analytics, Facebook pixels, Adwords pixels, Google Tech Manager, Zendesk, and Zopim), and similar data used for safeguarding our information technology systems.
- Personal data voluntarily provided by you, with your consent, when placing an order for any SPY24 Services subscription plan.
It is important to note that while providing your personal data is not obligatory, failure to do so may prevent you from creating an account, logging in, making purchases, and ultimately utilizing the SPY24 services.
The processing of personal data is carried out based on the following lawful bases:
(ii) Performance of a contract
(iii) Legitimate interests
We process personal data from the following categories of data subjects:
- Website users
- Service users
- SPY24 Software users
However, it’s important to note that users of target devices are not considered data subjects since their identities cannot be determined based on the encrypted information collected from their devices.
To ensure compliance with GDPR and adhere to data minimization principles, we collect the following personal data as mentioned above:
(i) Full name (first and last)
(ii) Email address, which enables users to register an account and access SPY24 Services and Software accordingly
(iii) IP address assigned by the Internet service provider (ISP) and used by the user
(iv) Location data for statistical purposes, aiding in understanding user engagement areas
(v) Phone numbers
The storage of this data is essential to prevent misuse of SPY24 Services and, if necessary, to investigate any potential offenses. Personal data is not shared with third parties unless it is necessary for the provision of SPY24 Services or if there is a legal obligation to transfer the data upon request from government authorities or in relation to criminal proceedings.
We store personal data separately in our database, using depersonalization techniques to ensure compliance with the GDPR’s storage limitation principle and to prevent the identification of data subjects.
Except under exceptional circumstances described under “Legal Matters” below, we do not authorize the use of your personal data by any third party. We maintain various online security measures to protect and secure your personal information.
During the purchase of SPY24 Software, you are required to provide User Information, including personal details such as your ID (first name, last name) and email address, which we process and store.
Additionally, you need to provide Billing Information and Payment Method, which may include your personal data. This data is partially processed by us and processed by the payment providers.
Upon registration of an account, based on the personal data you provide, we may send you a welcoming email to verify your login and password.
To access your account on our website, you will need to log in using the login and password that were sent to your email. It is important to keep your password secure and take necessary measures to protect its confidentiality. Your account activity is password-protected, ensuring the privacy of your information.
We will communicate with you to respond to your inquiries and provide any requested information or services. Our website includes contact information that allows for quick electronic communication and direct contact with us, including a general email address. If you contact us via email or through a contact form, the personal data you provide will be automatically stored. We will communicate with you via email or any other method chosen by you, including telephone communication.
In certain cases, we may collect your phone number to facilitate refund issuance. Our customer support specialists may request your phone number through live chat or email. We reserve the right to verify the provided phone number by calling or sending an SMS. We may also contact you via call or SMS to notify you that your refund has been confirmed and will be processed shortly.
We may utilize your personal information to contact you with newsletters, marketing materials, promotional offers, and other information related to the SPY24 Services. Based on your separate consent, you may receive the following types of marketing emails:
(i) Product Updates: Information about new version releases, new features, issues, or requests for your feedback through surveys.
(ii) SPY24 Tips and Tricks: Content to help you get started with SPY24 Services and make the most out of them, providing educational resources.
(iii) Exclusive Deals: Promotions such as Black Friday or New Year offers, discounts, upsells, and cross-sells.
(iv) Newsletters: Announcements about news in our niche and important information for our customers.
(v) SPY24 Digest: A monthly email sent to all users, including company updates, popular blog posts, customer reviews, etc.
(vi) Activation Reminders: Welcome email series for users who registered but have not made a purchase.
For each type of communication, you are required to provide separate consent within your account. You can always opt out (unsubscribe) from any communication within your account, except for operational and non-marketing notifications such as payment acceptance, payment notifications, necessary updates, and refunds.
When using our SPY24 Services, you may import information from target devices into your account. This information is stored in an encrypted manner on SPY24 servers using the latest encryption and protection technologies and standards. However, please note that downloaded information on your device or browser is not encrypted, and it is your responsibility to ensure its security. We do not have a direct relationship with anyone other than you unless you are the user of the target device. Therefore, you are responsible for ensuring that you have legal access to the target device.
If you use a computer in a public place or share a computer with others, please remember to log out and close your browser window after accessing our website and SPY24 Services to prevent unauthorized access to your personal information. You are solely responsible for controlling and using each password you create.
Third-Parties’ Products: If you purchase third-party products on our website, please note that we do not collect and store your personal data associated with those products. The storage and collection of your personal data by such products are managed by the respective providers, and SPY24 does not participate in these processes. If you have any privacy-related inquiries concerning the use of third-party products, you should contact the appropriate providers. However, in cases where SPY24 collects, stores, and processes personal data related to the purchase of third-party products on our website, we act as a Data Controller and may process the following categories of personal data:
- Full name
- Last four digits of the credit/debit card used for payment on the checkout page
- Name of the third-party product
- Payment date
We reserve the right to transfer the aforementioned data to third-party providers of the purchased products to fulfill our obligations as stipulated in the agreement with the provider.
Payment Information: We have implemented necessary security measures and standards for payment security on SPY24 Services. Our website complies with PCI DSS and other requirements. We collaborate with various payment service providers, and before establishing a partnership, we assess them based on our policies to ensure they possess the necessary licenses and permits for conducting transactions. During the payment process, you provide the following information to the payment service provider:
- Credit/debit card number
- The expiration date of the credit/debit card
- Your full name
- Your email
This information is collected and stored by the payment service provider.
Automatically Collected Data: We also collect and store information generated automatically as you navigate through our website, utilizing tracking technologies such as cookies, log files, and pixel tags. As you browse our website, the automatically collected information includes “log files” pertaining to your device’s internet connection, the duration of your visits, and the pages accessed during each visit. We utilize this information to analyze trends, administer the website, track user movement, and gather aggregated statistical information.
Cookies enhance user experience by enabling us to provide more user-friendly services on our website. Through cookies, we can optimize the information and offers based on user preferences.
You have the ability to prevent the setting of cookies through our website by adjusting the settings in your internet browser, thus denying the setting of cookies permanently. Additionally, you can delete already set cookies at any time using your internet browser or other software programs. Most popular internet browsers offer these options. However, disabling cookies in your internet browser may result in some functions of our website being unavailable.
If you do not wish to receive cookies, you may be able to refuse them by adjusting your browser settings accordingly. However, please note that if you choose to reject cookies, certain functionalities, services, or support on our website may not be available. If you have previously visited our website, you may need to delete any existing cookies from your browser.
Pixel Tags: We may also use pixel tags, which are single-pixel image files (also known as transparent GIFs, clear GIFs, or web beacons). These tags allow us to access cookies and count users who visit the website or open our HTML-formatted email messages.
When you register an account on SPY24, you receive an email containing a private key, or you can download it from your account. This private key serves two purposes: encrypting your personal data and enabling you to regain access to your data and information from a target device in case you forget your password.
The private key is stored on SPY24 servers in an encrypted form. If your account is active, the private key is stored for the duration of your account’s activity.
After you delete your account upon your request, the private key is stored for a period of one day.
SPY24 has implemented security measures, including hardware and software safeguards, software updates, and network scanning procedures, to protect and secure the information under our control, including personal data. We work with third-party service providers and vendors who use encryption and authentication methods to maintain the confidentiality of your personal data. Personal information, if stored, is housed on firewalled systems accessible only to authorized personnel under a Data Protection Agreement (DPA).
All personal data of our users is stored in an encrypted manner. We use the RSA asymmetric public-private key cryptosystem with a key size of 4096 bits and the AES symmetric-key algorithm with a key size of 256 bits.
The RSA cryptosystem uses a public encryption key and a private decryption key. The public encryption key is stored openly in the database (DB), while the private decryption key is stored in the DB in an encrypted form using AES 256. The encryption key consists of the user’s password and secret key, and it cannot be decrypted without both the user’s password and secret key.
User credentials, such as the login, are stored in the DB. The user’s password is not stored; only a hash of the password is stored. A unique public-private key pair for the RSA cryptosystem is generated during the user’s signup process and stored in the DB in encrypted format using AES 256.
During the login process, the user’s password from the login form is used to decrypt the user’s original private key.
When data is received from devices, it is transmitted using encrypted HTTPS protocol. The data is immediately encrypted on the server’s RAM without being stored on the server’s disks. Encryption is performed using RSA and the user’s public encryption key.
The encrypted data is then saved on SPY24 servers.
When the user requests decryption, the user’s decrypted private key is used to decrypt the encrypted data, and the information is presented to the user.
While we consider your use of SPY24 Services to be private, there may be instances where we need to disclose your personal information stored in your account and/or on SPY24 servers and databases. These instances include:
- Compliance with the law or legal process served on us.
- Investigation of potential fraudulent activities.
- Protection of the rights, property, or safety of SPY24, its employees, its customers, or the public.
We may share aggregated information with third parties, including strategic partners, for marketing and promotional
purposes under data processing agreements that ensure compliance with GDPR.
As a data controller, we may also transfer the personal data of a data subject to one or more processors (e.g., a payment provider under a DPA) for payment processing purposes. This processing is necessary for the user to purchase SPY24 Services.
TRANSFER OF PERSONAL DATA:
As we utilize third-party technological services to provide our services, there may be instances where your personal data is transferred internationally. These service providers act as sub-processors and process personal data in accordance with GDPR under a Data Processing Agreement (DPA).
PERSONAL DATA BREACH:
If there is a risk of unauthorized disclosure of personal data, the controller will notify the data subject without undue delay. However, if appropriate technical and organizational protection measures, such as encryption, have been implemented and applied to the affected personal data, the controller is not obligated to notify the data subject.
It should be noted that encryption becomes ineffective if the access password or other credentials are weakly protected or stored by the data subject. In such cases, the controller is not responsible for a personal data breach.
In the event of a personal data breach, as the controller, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
DATA STORAGE LOCATION:
Typically, personal data provided by users and information collected from target devices are stored on servers located in Germany and the Netherlands. There may be instances where these personal data and information are stored outside the EU, including in Canada. We have implemented necessary security measures to protect your personal data in accordance with industry best practices for security, protection, and confidentiality. If your personal data is transferred to third-party service providers, each provider is contractually obligated to adopt the necessary security measures for protecting your personal data as per our data protection agreement.
DATA SUBJECT RIGHTS:
As a data subject, you have the following rights:
a) Right of confirmation: You have the right to obtain confirmation from the controller as to whether or not your personal data is being processed.
b) Right of access: You have the right to obtain free information from the controller about your personal data stored at any time, as well as a copy of this information. You also have the right to access the following information:
- The purposes of the processing.
- The categories of personal data involved.
- The recipients or categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organizations.
- Where possible, the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine that period.
- The existence of the right to request rectification, erasure, or restriction of processing of personal data or to object to such processing.
- The right to lodge a complaint with a supervisory authority.
- If the personal data is not collected directly from the data subject, any available information about their source.
- The existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Additionally, you have the right to know if personal data is being transferred to a third country or international organization and, if so, to be informed about the appropriate safeguards in place for the transfer.
c) Right to correction
Every individual has the right, as granted by European legislation, to obtain from the controller the prompt correction of any inaccurate personal data concerning them. With regards to the purposes of the processing, the data subject also has the right to have incomplete personal data completed, which may include providing an additional statement.
d) Right to erasure (Right to be forgotten)
Every individual has the right, as granted by European legislation, to request the erasure of their personal data from the controller without undue delay. The controller is obligated to erase personal data without undue delay if any of the following grounds apply, provided that the processing is not necessary:
- Personal data is no longer necessary for the purposes for which it was collected or processed.
- The data subject withdraws consent on which the processing is based, according to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, and there is no other legal basis for the processing.
- The data subject objects to the processing under Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing under Article 21(2) of the GDPR.
- Personal data has been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- Personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
e) Right to restriction of processing
f) Right to data portability
Each data subject has the right, as granted by European legislation, to receive their personal data in a structured, commonly used, and machine-readable format from the controller. They also have the right to transmit this data to another controller without hindrance, as long as the processing is based on consent or a contract and the processing is carried out by automated means, except in cases where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Furthermore, in exercising the right to data portability, the data subject has the right to have their personal data transmitted directly from one controller to another, where technically feasible and without adversely affecting the rights and freedoms of others.
g) Right to object
Each data subject has the right, as granted by European legislation, to object to the processing of their personal data based on legitimate interests or for direct marketing purposes. This right also applies to profiling based on these provisions.
h) Automated individual decision-making, including profiling
Each data subject has the right, as granted by European legislation, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them, unless the decision is necessary for the performance of a contract, authorized by law, or based on explicit consent.
i) Right to withdraw consent
Each data subject has the right, as granted by European legislation, to withdraw their consent to the processing of their personal data at any time.
SPY24 Services are generally not aimed at children. This Website is not intended for use by individuals under the age of 18.
We comply with COPPA regulations and do not knowingly collect information from children and minors. We encourage parents and legal guardians to monitor their children’s Internet usage and instruct them not to provide information on our Website without permission.
Our Website and Service do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal data from a child, we will promptly delete it unless legally obligated to retain such data.
We do not store information gathered from a child’s target device. All collected information is encrypted.
DATA PROCESSING ON YOUR BEHALF: WE, AS DATA PROCESSOR
Target Device Data: When registering for the SPY24 Account, the SPY24 Software collects data from the target device associated with the Account. This data may include personal information relating to you, the target device user(s), or third parties (“User Data”), such as device information, website and app usage, contacts, messages, and other communications, as well as posted and received content. In accordance with
applicable privacy law, you are the Data Controller of this Target Device Data, and we are appointed as the Data Processor for the purpose of providing SPY24 Services.
Indemnity: You agree to indemnify and hold us harmless from all claims, damages, and losses arising from the processing of Target Device Data and other third-party personal data submitted to our systems during the use and provision of SPY24 Services.
DATA RETENTION PERIOD
The duration for which personal data will be stored is determined by the respective statutory retention period. Once this period expires and we no longer require the personal data for the intended purpose, we routinely and securely delete or destroy it. As the data controller, we will process and store the personal data of the data subject only for the necessary period to achieve the purpose of providing SPY24 services or as permitted by European or other applicable legislation.
However, in the case of ongoing conflict situations, SPY24 may store personal data for a period of 180 days or longer if the processing is necessary for the establishment, exercise, or defense of legal claims or for compliance with a legal obligation imposed by Union or Member State law, in the event of an expired account or if the data subject requests the deletion of their personal data upon the expiration of this period or earlier if a conflict situation is resolved, all personal data and information obtained from a target device will be deleted.
We generally retain all logs and information downloaded from a target device in encrypted form for a period of 3 months.
Please note that any logs and information downloaded from a target device using SPY24 software and stored in the SPY24 database for more than 3 months will be automatically deleted for security reasons, with appropriate notification. Logs can be downloaded by the user within the specified period for further storage if necessary.
For active accounts, we do not store on our servers any downloaded information from a target device for more than 3 months. Upon the expiration of this period, all information will be deleted. In the case of expired accounts, all downloaded information from a target device will be deleted within 1 month.
If you wish to remove all logs and information downloaded from a target device in your account, please uninstall SPY24 from your device(s) and send an email to [email protected] or click on the “Delete my Account” button in your account. Your account will be permanently removed within 30 days or earlier from our active systems, servers, and backups. By deleting your account, all personal data, excluding billing information for compliance with legal obligations and gathered information from a target device, will also be removed.
HOW TO OPT-OUT OR CHANGE PERSONAL INFORMATION
If you object to the changes, please contact us using the information provided below.
Any claim or dispute arising out of or in connection
Individuals accessing the website from locations outside the Czech Republic and the European Union are responsible for complying with applicable local laws.
All notices and requests related to personal data and privacy matters should be addressed to:
Data Protection Officer
Altercon Group s.r.o.
Londynska 730/59, Vinohrady, 120 00 Praha, Czech Republic