Cookie Policy
Last updated: 28 January 2026
Cookie Policy
Data Security Measures
Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities. VPN Angel holds Personal Data in respect of its clients and third parties in order to fulfil its contractual obligation to those clients and to fulfil statutory duties on behalf of itself and its clients. VPN Angel is committed to the safe processing of client data and third party data.
Personal Data is defined in law as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Detailed below is an outline of the measures that we undertake to ensure the safety of Personal Data within our organisation.
1. Safe Transfer of Data
In the absence of clear guidance regarding data transfer within the UK we have assessed the safety of all our data transactions and are implementing the following changes to our processes.
a. Emails containing Personal Data sent by us to the client contacts will be encrypted
b. Documents and reports that contain Personal Data will be password protected when being transferred to the client where practical
c. Documents and reports, where appropriate, will be transferred to the client rather than sent as email attachments
d. Posting of hard copy documents will be avoided if practical. The option to gather starter information on-line will be made available along with a rolling program of moving any current paper processes to online data capture processes where reasonably practicable.
2. Data Storage and Record Keeping
All documents will be kept in line with current legislative requirements.
IT Security and Recovery Procedures
Overview
In the event of a disaster that leads to a complete or partial shutdown of the communications or IT systems in the head office, VPN Angel have a detailed disaster recovery plan to ensure that the core priority services are maintained.
Current Backups, Frequency and Location
Daily Server Backup
• Full system backups occur every day to a cloud server.
• All changed data is then replicated daily to a remote server in the cloud that can be “spun up” in the event of a Disaster Recovery scenario.
•This offsite data is kept for 3 years.
In the event of a full local server failure, the cloud server would be activated in order to restore our systems.
In the event of a power failure, our internal server has an on-site back up power source which gives an approximate 4 hour window to resolve any issues.
Third Parties:
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google's privacy policy is available at: http://www.google.com/privacypolicy.html.
Your rights as a data subject:
At any point whilst VPN Angel is in possession of or processing your personal data, all data subjects have the following rights:
Right of access - You have the right to request a copy of the information that we hold about you.
Right of rectification - You have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten - In certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing - Where certain conditions apply you have a right to restrict the processing.
Right of portability - You have the right to have the data we hold about you transferred to another organisation.
Right to object - You have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling - You also have the right not to be subject to the legal effects of automated processing or profiling.
In the event that VPN Angel refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
You can request the following information:
• Contact details of the data protection officer, where applicable.
• The purpose of the processing as well as the legal basis for processing.
• The categories of personal data collected, stored and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• How long the data will be stored
• Details of your rights to correct, erase, restrict or object to such processing.
• Information about your right to withdraw consent at any time.
• How to lodge a complaint with the supervisory authority (Data Protection Regulator).
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data
• The source of personal data if it wasn't collected directly from you.
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
*To access what personal data is held, identification will be required
VPN Angel will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required.