1. Data Controller
VPN Fleet acts as the data controller for personal data collected through our website and services. For data protection inquiries, contact us at gdpr@vpnfleet.com.
2. Legal Basis for Processing
We process personal data under the following legal bases:
- Contract performance — processing necessary to provide our VPN services (Article 6(1)(b))
- Legitimate interest — service security, fraud prevention (Article 6(1)(f))
- Legal obligation — tax and financial record-keeping (Article 6(1)(c))
- Consent — optional marketing communications, where applicable (Article 6(1)(a))
3. Data Minimization
In accordance with GDPR's data minimization principle, we collect only the minimum data necessary to provide our services. Our no-log VPN policy means we process no traffic data, browsing history, or connection metadata.
4. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights:
- Right of Access (Art. 15) — request a copy of all personal data we hold about you
- Right to Rectification (Art. 16) — correct inaccurate personal data
- Right to Erasure (Art. 17) — request deletion of your personal data ("right to be forgotten")
- Right to Restriction (Art. 18) — restrict processing of your personal data
- Right to Data Portability (Art. 20) — receive your data in a machine-readable format
- Right to Object (Art. 21) — object to processing based on legitimate interest
- Right Not to be Subject to Automated Decision-Making (Art. 22) — we do not use automated decision-making or profiling
To exercise any of these rights, contact gdpr@vpnfleet.com. We will respond within 30 days.
5. Data Transfers
Our VPN servers are located in multiple countries. When you connect to a server, your encrypted traffic passes through that jurisdiction. However, since we maintain a strict no-log policy, no personal data is stored on any VPN server regardless of location.
Account data is stored on servers with appropriate safeguards including Standard Contractual Clauses (SCCs) where required.
6. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected individuals without undue delay
- Document the breach, its effects, and remedial actions taken
7. Data Protection Officer
For GDPR-related matters, contact our data protection team at gdpr@vpnfleet.com.
8. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe your personal data has been processed unlawfully.
Last updated: March 2026