Legal Compliance (GDPR)
Our commitment to data protection and compliance with the General Data Protection Regulation.
Last updated: January 2025
🛡️ GDPR Compliance Statement
ZauberVPN is fully committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We implement the highest standards of data protection and privacy.
1. Legal Basis for Processing
We process personal data based on the following legal grounds:
- Consent: When you explicitly agree to data processing
- Contract Performance: To provide our VPN services
- Legitimate Interest: For security, fraud prevention, and service improvement
- Legal Obligation: To comply with applicable laws
2. Your Data Protection Rights
Under GDPR, you have the following rights:
- Right of Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we process your data
- Right to Data Portability: Transfer your data to another service
- Right to Object: Object to processing for legitimate interests
3. Data Minimization and Purpose Limitation
We adhere to the principles of:
- Data Minimization: We only collect data that is necessary for our services
- Purpose Limitation: Data is only used for the purposes for which it was collected
- Storage Limitation: Data is retained only as long as necessary
- Accuracy: We ensure data is accurate and up-to-date
4. Data Protection by Design
We implement data protection measures from the ground up:
- Privacy-by-design architecture in all our systems
- End-to-end encryption for all data transmission
- Regular security audits and penetration testing
- Employee training on data protection best practices
- Access controls and authentication mechanisms
5. Data Processing Records
We maintain detailed records of our data processing activities, including:
- Categories of personal data processed
- Purposes of processing
- Data retention periods
- Security measures implemented
- Third-party data processors
6. International Data Transfers
When transferring data outside the EEA, we ensure adequate protection through:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (BCRs)
- Certification schemes and codes of conduct
7. Data Breach Notification
In the event of a data breach, we will:
- Notify supervisory authorities within 72 hours
- Inform affected individuals without undue delay
- Document all breach incidents and response actions
- Implement measures to prevent future breaches
8. Data Protection Officer (DPO)
We have appointed a Data Protection Officer to ensure compliance:
Contact: dpo@zaubervpn.com
Responsibilities: Monitor compliance, provide advice, and act as a contact point for supervisory authorities.
9. Exercising Your Rights
To exercise your GDPR rights, you can:
- Contact us at privacy@zaubervpn.com
- Use our self-service portal (coming soon)
- Contact our DPO directly
We will respond to your request within 30 days of receipt.
10. Supervisory Authority
You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your personal data in accordance with GDPR.
📞 Need Help?
If you have any questions about our GDPR compliance or wish to exercise your rights, please don't hesitate to contact us.
11. Contact Information
Data Protection Officer (DPO): dpo@zaubervpn.com
Privacy Team: privacy@zaubervpn.com
General Support: office@zaubervpn.com
