Under the General Data Protection Regulation (GDPR), individuals in the EEA and UK have significant rights over their personal data. This policy explains those rights and how ProtectYourPC fulfils its obligations as a data controller. To exercise your rights or ask questions, contact us at privacy@protect-your-pc.com.
ProtectYourPC is committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK GDPR. This policy explains how we collect, use, store, and protect your personal data, and sets out your rights as a data subject.
This GDPR Policy applies to all individuals located in the European Economic Area (EEA), the United Kingdom, and other jurisdictions where the GDPR or equivalent legislation applies. If you are a resident of these regions, you have specific rights regarding your personal data that we are obligated to honour.
ProtectYourPC acts as the data controller for the personal data you provide when using our services. As the data controller, we determine the purposes and means of processing your personal data.
If you have any questions about how we process your personal data or wish to exercise your rights, you can contact our Data Protection Officer (DPO) at: privacy@protect-your-pc.com. We will respond to all legitimate requests within 30 days.
We process your personal data where it is necessary for the performance of a contract with you — for example, to create and manage your account, process payments, deliver our cybersecurity protection services, and provide customer support.
We may process your data where it is in our legitimate interests to do so, provided those interests are not overridden by your rights and freedoms. This includes fraud prevention, improving our services, and ensuring the security of our platform.
We may process your data to comply with applicable laws and regulations, including tax obligations, anti-money laundering requirements, and responses to lawful requests from public authorities.
Where we rely on your consent to process personal data — such as for marketing communications or non-essential cookies — you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
We collect your name, email address, billing address, computer name(s) and account credentials when you register for our services. This data is required to create and manage your account.
We collect payment card details and billing information to process your subscription payments. Payment card data is processed by our PCI DSS-compliant payment processor (Stripe) and is not stored on our servers.
To deliver our PC protection services, we collect device identifiers, operating system information, hardware details, and security status data for computers registered under your subscription.
We automatically collect log data, IP addresses, browser type, pages visited, and timestamps when you interact with our website and services. This data helps us maintain security and improve our platform.
Our software collects data generated during security scans, including detected threats, system vulnerabilities, and remediation actions. This data is used solely to protect your devices and improve our threat detection capabilities.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Account data is retained for the duration of your subscription and for up to 7 years thereafter for legal and tax compliance purposes.
When your data is no longer required, we will securely delete or anonymise it. Security scan data and device logs are retained for a maximum of 12 months from the date of collection. You may request earlier deletion of your data subject to our legal obligations (see Your Rights below).
We share your personal data with trusted third-party service providers who process data on our behalf, including payment processors (Stripe), cloud infrastructure providers (Supabase), and email service providers (Resend). All processors are bound by data processing agreements and are required to implement appropriate security measures.
Some of our service providers are located outside the EEA. Where we transfer personal data to countries that do not provide an equivalent level of data protection, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
We may disclose your personal data to law enforcement agencies, regulatory bodies, or other third parties where required by law or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
You have the right to request a copy of the personal data we hold about you (a "Subject Access Request"). We will provide this information free of charge within 30 days of receiving your request.
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You can update most of your account information directly through your account settings.
You have the right to request that we delete your personal data where there is no compelling reason for its continued processing. This right is subject to certain exceptions, such as where we are required to retain data for legal compliance.
You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while we verify the accuracy of data you have contested.
You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis. You also have an absolute right to object to processing for direct marketing purposes.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently make such automated decisions about our users.
To exercise any of your rights, please contact us at privacy@protect-your-pc.com with the subject line "GDPR Data Request". Please include your full name, the email address associated with your account, and a description of the right you wish to exercise. We may need to verify your identity before processing your request.
We will respond to all valid requests within 30 days. In complex cases, we may extend this period by a further two months, in which case we will notify you of the extension and the reasons for it.
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, you may contact the supervisory authority in your country of residence.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include 256-bit SSL/TLS encryption for data in transit, encryption of data at rest, access controls and authentication requirements, regular security assessments, and employee training on data protection.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
We may update this GDPR Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by sending you an email notification. The date of the most recent revision will be indicated at the top of the policy.
Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your personal data
Restriction: Limit how we process your data
Portability: Receive your data in a portable format
Object: Object to certain types of processing
For any questions, concerns, or requests relating to your personal data and GDPR rights, please reach out to us directly.