Privacy Policy

This Privacy Policy applies to all services provided by UESE, including consultancy, training, certification, cybersecurity services, and advanced network protection solutions. It also extends to technology-enabled services and digital infrastructures used to support secure business operations, including VPN services with rotating IP infrastructure delivered through qualified technology partners.

The scope of this Policy is intentionally broad because UESE operates in an integrated environment where legal, technical, organizational, and digital services may intersect. The Policy therefore covers personal data processed in connection with client interactions, service activation, technical support, digital platform usage, cybersecurity controls, and communication channels that are functionally linked to the delivery of UESE services.

UESE processes personal data only to the extent necessary for legitimate business, legal, contractual, and technical purposes. The categories of data processed may vary depending on the specific service requested, the communication channel used, and the operational framework in which the interaction takes place.

All processing activities are carried out according to the principles of data minimization and privacy by design. This means that UESE seeks to avoid unnecessary data collection, restrict the use of identifiable information where not required, and align technical architectures with confidentiality and proportionality requirements from the outset.

Personal data are processed for specific, explicit, and legitimate purposes connected to the provision, management, protection, and improvement of UESE services. Each processing purpose is linked to a clear operational rationale and is assessed against the principles of necessity and proportionality.

UESE processes personal data only where a valid legal basis exists under applicable data protection law. The legal basis depends on the nature of the service, the type of interaction, and the operational purpose for which the data are used.

• Performance of a contract (Art. 6(1)(b) GDPR) for service delivery, onboarding, support, and contract execution
• Compliance with legal obligations (Art. 6(1)(c) GDPR) where processing is required by law, regulation, or competent authority
• Legitimate interest (Art. 6(1)(f) GDPR) in ensuring IT security, service reliability, fraud prevention, and infrastructure protection
• Consent (Art. 6(1)(a) GDPR) where required, especially in relation to marketing communications or optional processing activities

UESE carefully evaluates the appropriate legal basis for each processing activity and, where legitimate interest is relied upon, considers whether the interest pursued is balanced against the rights and freedoms of the data subject.

UESE provides advanced cybersecurity services, including Virtual Private Network (VPN) solutions featuring rotating IP capabilities through a distributed infrastructure of approximately 25 global servers. This service layer is designed to strengthen secure connectivity, reduce exposure of the originating IP address, and support a more resilient and privacy-conscious network posture for business users and organizations.

UESE does not use VPN services to monitor user activity or content. The service is designed exclusively to ensure network protection, cybersecurity resilience, and operational continuity. The architectural model is therefore aimed at security enhancement rather than intrusive observation or behavioral profiling.

Data are processed using electronic and organizational tools aligned with recognized international standards, including ISO 27001 principles. UESE adopts a security-oriented governance approach designed to protect confidentiality, integrity, availability, traceability, and resilience across all relevant service layers.

Technology partners involved in VPN services operate under contractual obligations intended to ensure GDPR compliance, operational reliability, and adequate technical safeguards consistent with UESE’s control and risk management framework.

Personal data are retained only for as long as necessary to fulfill the purposes for which they were collected, and in accordance with legal, contractual, and operational requirements. Retention periods may vary depending on the category of information and the business process involved.

VPN-related session data are retained only for the duration strictly required for service provision and security purposes. UESE regularly assesses whether retained data remain necessary and proportionate in light of the purpose originally justifying their processing.

Personal data may be shared only where necessary and appropriate, for example to enable service delivery, support compliance requirements, obtain specialist technical functions, or respond to legal obligations. Sharing takes place under controlled conditions and with due regard to confidentiality and proportionality.

• IT service providers and cloud infrastructure partners
• Cybersecurity and VPN technology providers
• Legal, financial, and regulatory advisors
• Competent authorities where required by law

Where data transfers occur outside the European Economic Area (EEA), UESE ensures appropriate safeguards, including Standard Contractual Clauses (SCCs) and equivalent protection measures. Such transfers are assessed in light of applicable legal requirements and operational necessity, with a focus on preserving adequate protection standards for the data involved.

Data subjects are entitled to exercise the rights granted under applicable data protection legislation. These rights are intended to ensure transparency, control, and fair treatment in relation to personal data processing activities.

Requests concerning the exercise of rights may be submitted to: info@uese.eu. UESE will review and handle such requests in accordance with the applicable legal framework and within the timelines prescribed by law.

This Privacy Policy does not apply to third-party services accessed through external links or operated under separate legal and technical control. Where users interact with external providers, including VPN technology partners or other linked services, the processing of personal data may be governed by the policies and terms adopted by those independent entities.

Users are therefore encouraged to review the respective privacy policies of such providers where applicable. UESE cannot assume responsibility for third-party privacy practices that fall outside its role as Controller or beyond the processing operations directly governed by its own service framework.

UESE reserves the right to update this Privacy Policy at any time in order to reflect regulatory changes, service evolution, operational developments, organizational updates, or improvements in its data protection governance model.

Users are encouraged to review this Policy periodically so as to remain informed about how UESE handles personal data and how privacy and security practices may evolve over time. Any updated version will become effective upon publication, unless otherwise specified by law or by the content of the revision itself.