iTNet Privacy Policy
1. Who we are
This Privacy Policy applies to services offered under the trade name iTNet.
Controller:
iTNet, a sole proprietorship registered in the Netherlands
Business address:
Molukkenstraat 192 A
9715NZ Groningen
Netherlands
KvK number:
42010262
VAT ID:
495329630B01
Primary contact email:
info@itnet247.nl
Support phone:
+31623531735
Office phone:
+31203693050
For legal identification purposes only, iTNet is operated as a Dutch sole proprietorship by Atefeh Salmanisabeq.
2. Scope of this Privacy Policy
This Privacy Policy explains how iTNet collects, uses, stores, shares, protects, and otherwise processes personal data in connection with:
- the iTNet website
- account creation and account management
- prepaid calling products, calling credit, voice allowances, minute-based products, and related digital communication services
- VPN access services and other digital connectivity services
- checkout, billing, payment, activation, support, complaints handling, fraud prevention, and legal compliance
- service-related communications and operational notices
This Privacy Policy must be read together with the iTNet Terms and Conditions, the Cancellation and Refund Policy, and any specific product or checkout notice shown at the time of order or activation.
3. Privacy principles
iTNet processes personal data in accordance with applicable data protection law, including the GDPR / AVG, on the basis of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.
iTNet does not sell personal data as a standalone asset.
4. Categories of personal data we may process
Depending on how you interact with iTNet, we may process the following categories of personal data:
a) Identity and account data
- name
- email address
- phone number
- login credentials or authentication-related data
- account ID
- profile or registration details
- verification-related information where required
b) Billing and payment data
- billing address
- order history
- invoice details
- VAT-related or tax-related transaction information where applicable
- payment confirmations
- payment status
- partial payment data provided by payment service providers
- anti-fraud and payment-risk indicators
c) Service and usage data
- purchased products
- activation status
- account entitlements
- service validity periods
- destination eligibility
- service settings
- support status
- usage patterns relevant to purchased services
d) Traffic, communication, and technical metadata
- call-related metadata
- destination-related metadata
- connection timestamps
- session logs
- IP address
- device and browser information
- app or website interaction logs
- routing logs
- technical event logs
- service diagnostics
- error logs
- fraud-screening and security logs
e) Customer support and communications data
- support requests
- complaint submissions
- refund or review requests
- emails
- chat or ticket content
- notes created during support handling
- evidence or screenshots you provide
f) Compliance and risk data
- sanctions-screening results where relevant
- fraud indicators
- abuse indicators
- account review outcomes
- verification outcomes
- destination restrictions
- routing restrictions
- legal-hold or dispute-related information
5. Data we generally do not seek to process as ordinary service content
Unless explicitly stated otherwise in a specific service flow, support process, or legal requirement, iTNet does not intentionally record ordinary call content as part of normal service delivery.
However, iTNet may process technical, routing, account, traffic, support, and security metadata necessary to activate, operate, protect, review, bill, support, or restrict the service.
If a customer voluntarily sends communications or content to iTNet for support, complaint, verification, or dispute purposes, iTNet may process that information to the extent necessary for handling the matter.
6. How we collect personal data
We may collect personal data:
- directly from you when you create an account, place an order, request activation, make a payment, contact support, or submit a complaint or review request
- automatically through your use of the website, app, account, or service interfaces
- from payment service providers, fraud-screening tools, infrastructure providers, suppliers, or technical providers involved in activation, delivery, or security
- from publicly available or legally available sources where reasonably necessary for verification, compliance, abuse prevention, or dispute handling
7. Purposes of processing and legal bases
iTNet may process personal data for the following purposes and on the following legal bases:
a) Contract performance
We process personal data where necessary to create and manage accounts, accept and process orders, activate services, provide digital communication and connectivity services, manage billing, deliver purchased products, provide support, and handle service-related requests.
b) Legal obligations
We process personal data where necessary to comply with legal, tax, accounting, consumer-law, fraud-reporting, sanctions, law-enforcement, or regulatory obligations.
c) Legitimate interests
We process personal data where reasonably necessary for:
- fraud prevention
- abuse prevention
- chargeback prevention
- account security
- service continuity
- route and destination management
- technical diagnostics
- incident response
- complaint review
- billing review
- legal defense
- evidentiary record-keeping
- supplier compliance
- payment reliability
- operational analytics
- service protection
- business administration
d) Consent, where required
Where the law requires consent, such as for certain non-essential cookies or certain optional communications, iTNet will rely on consent and allow withdrawal of that consent in accordance with applicable law.
Where a processing activity is necessary for contract performance, legal compliance, or legitimate interests, iTNet may continue to process the relevant data on those bases even if consent is not relied upon.
8. Cookies and similar technologies
The iTNet website may use cookies, local storage, pixels, tags, or similar technologies for security, session management, fraud prevention, technical functionality, and operational analytics.
Where non-essential cookies or similar technologies require consent under applicable law, iTNet will request that consent through an appropriate consent mechanism.
The use of certain security, load-balancing, login, or functionality cookies may be necessary for the operation of the website or account environment and may not require consent where the law allows that.
9. Why we may need service and traffic metadata
For digital communication and connectivity services, iTNet may need to process service usage data, traffic metadata, technical event data, and routing-related records in order to:
- activate and maintain service availability
- validate destination eligibility
- calculate service applicability
- protect against fraud and abuse
- verify support and complaint claims
- analyse billing issues
- manage route and supplier performance
- investigate incidents
- comply with legal obligations
- defend legal claims
Such processing does not mean that all content of communications is routinely monitored or recorded.
10. Recipients and categories of third parties
iTNet may share personal data, where necessary, with:
- payment service providers
- banking and financial service providers
- fraud-screening and risk-control providers
- hosting providers
- cloud infrastructure providers
- email, support, ticketing, and communication providers
- software, security, and technical service providers
- telecom, routing, network, destination, or service-enablement providers
- accountants, auditors, legal advisers, and compliance advisers
- public authorities, regulators, courts, law-enforcement bodies, or tax authorities where required
- parties involved in a dispute, investigation, corporate restructuring, or rights-enforcement process where lawfully justified
iTNet does not share more personal data than is reasonably necessary for the relevant purpose.
11. International transfers
iTNet may use service providers, infrastructure providers, payment providers, technical tools, or support systems that process data inside or outside the European Economic Area.
Where personal data is transferred outside the EEA, iTNet will rely on a lawful transfer mechanism where required, such as:
- an adequacy decision
- appropriate safeguards
- contractual safeguards
- or another lawful transfer basis under applicable data protection law
Because digital service delivery and infrastructure chains may involve international systems, some technical or operational data may be processed in multiple jurisdictions where this is necessary for payment processing, service continuity, support, infrastructure operation, fraud prevention, or legal compliance.
12. Data retention
iTNet keeps personal data only for as long as reasonably necessary for the relevant purpose, subject to legal, tax, accounting, consumer-law, fraud-prevention, security, and dispute-retention needs.
Retention periods may differ depending on the category of data. For example:
- account and profile data may be retained while the account remains active and for a reasonable period afterwards
- order, invoice, billing, and tax records may be retained for the period required by law or accounting practice
- technical logs, routing logs, and security logs may be retained for as long as needed for security, diagnostics, fraud prevention, abuse review, or dispute handling
- support tickets, complaint records, and refund review records may be retained for as long as needed to resolve the matter and defend related claims
- backup copies may remain for a limited technical period before deletion or overwrite
Where data is no longer needed, iTNet may delete it, anonymise it, or irreversibly de-identify it, unless continued retention is required or justified by law.
13. Security and protection measures
iTNet applies reasonable technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, misuse, or unlawful processing.
These measures may include account controls, access controls, authentication measures, logging, encryption or secure transmission where appropriate, provider controls, review procedures, and incident-management processes.
No method of transmission, storage, or online service operation is completely risk-free. iTNet therefore cannot guarantee absolute security.
14. Automated checks and risk controls
iTNet may use automated or partly automated checks, flags, thresholds, and risk indicators for payment review, fraud prevention, abuse prevention, security protection, destination controls, route controls, service eligibility, and operational continuity.
Where such controls indicate elevated risk, iTNet may delay activation, request verification, restrict service, block destinations, hold a transaction, or place an account under review.
iTNet is not required to disclose internal fraud-prevention logic, security thresholds, screening rules, or operational risk criteria where withholding that information is reasonably necessary for abuse prevention, service protection, legal compliance, or security.
15. Your rights
Subject to the conditions and limitations provided by applicable law, you may have the right to:
- access your personal data
- rectify inaccurate personal data
- erase personal data
- restrict processing
- object to certain processing
- receive data portability where applicable
- withdraw consent where processing is based on consent
- lodge a complaint with a supervisory authority
Some of these rights do not apply in every case. iTNet may refuse, limit, or defer a request to the extent permitted by law, including where the request is unfounded, excessive, conflicts with legal obligations, affects the rights of others, undermines fraud prevention or security, or relates to data that must be retained for legal defense, compliance, billing, or operational integrity.
16. Exercising your rights
To exercise your rights or make a privacy-related request, contact:
info@itnet247.nl
Please provide enough information for us to verify your identity and understand your request. iTNet may request additional information where reasonably necessary to confirm identity, protect account security, prevent unauthorised disclosure, or assess the request.
17. Complaints and supervisory authority
If you have a privacy concern, you may first contact iTNet at info@itnet247.nl.
You may also have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
iTNet does not waive any right to challenge, defend, clarify, or respond to any complaint, request, or allegation through lawful procedures.
18. Children
iTNet services are not intended for children where the relevant service or transaction requires legal capacity, payment capability, or adult account responsibility.
If iTNet becomes aware that personal data has been submitted inappropriately in relation to a child account or unauthorised use, iTNet may take appropriate protective action, including restriction, deletion, or verification measures.
19. Changes to this Privacy Policy
iTNet may update this Privacy Policy from time to time for legal, technical, operational, security, product, or business reasons.
The latest version will be published on the iTNet website with an updated version number and date.
Where required by law, iTNet will provide additional notice of material changes through an appropriate channel, such as email, website notice, or account notification.
20. English-language version and interpretation
If this Privacy Policy is translated for convenience, the English-language version prevails to the extent permitted by law.
If any clause of this Privacy Policy is found invalid, unenforceable, or inapplicable, the remaining clauses remain in effect and shall be interpreted as closely as possible to the original commercial intent of this Privacy Policy.