DRoca Networks S.A. de C.V. MEX +52(55)55957500 Contacto
Privacy Policy | DrayTek
Privacy
Policy

Last Updated: 2025-10-22
Effective Date: 2025-09-12
(EU) 2023/2854 – EU Data Act Compliance

DrayTek respects your privacy and is committed to protecting your personal and device-generated data. This policy explains how we collect, use, store, share, and safeguard your data in compliance with the EU General Data Protection Regulation (GDPR) and EU Data Act (Regulation (EU) 2023/2854).

1. Scope of Application

This policy applies to all personal and non-personal data collected through DrayTek websites, online platforms, and connected services, including MyVigor, VigorACS, and DrayTek Cloud Services. It does not apply to external websites linked from DrayTek domains or to parties not managed or authorized by DrayTek.

2. Use of Cookie

To enhance your browsing experience, DrayTek uses cookies to analyze website performance and service usage. Cookies may collect standard browser and device information but do not contain personally identifiable data. You can disable cookies in your browser; however, some website features may not function correctly if cookies are blocked.

3. Personal Information Collection and Use

When using DrayTek services, you may be asked to provide personal information such as name, email address, region, and contact details.

DrayTek processes this data for the following legitimate purposes:

  • Providing technical support, warranty, and customer service
  • Managing registered products and user accounts
  • Delivering product and firmware updates
  • Improving user experience and network performance analytics
  • Meeting legal, compliance, and security requirements

DrayTek will not use any non-personal data generated by connected products or services without the user’s consent, except when required to fulfil contractual or legal obligations.

We do not collect personal data directly from routers, switches, or access points. Device logs and analytics processed by DrayTek remain anonymized or pseudonymized whenever possible.

4. Data Access and Transparency (EU Data Act Compliance)

In accordance with the EU Data Act, DrayTek ensures transparency, accessibility, and interoperability of data generated by connected products and services:

  • User Right of Access
    Users are entitled to access the data generated through their use of DrayTek connected products and services that they own, rent, or lease.
  • Data Sharing with Third Parties
    Users may choose to share such data with a third party, either directly or by instructing DrayTek (as the data holder) to share the data with that third party in a structured and machine-readable format.
  • Device-Generated Data
    Operational data collected by Vigor routers, switches, or VigorACS systems is used solely for legitimate technical or support purposes and is handled according to the user’s contractual rights.
  • Transparency of Data Types
    Information on data categories, access methods, formats, and retention is summarized in the table below and further detailed in the relevant product documentation.
  • Conflict with GDPR
    In the event of any conflict between the EU Data Act and the GDPR regarding personal data, the GDPR shall take precedence in accordance with Article 1(5) of the EU Data Act.
Data Transparency Summary (DrayTek Connected Products)
Data Category Access Method Data Format Storage Location Retained After Reboot / Reset Generated in Real Time
Device Information (e.g., model, serial number, firmware version) Web GUI, CLI, MyVigor JSON / TXT Local / Cloud Yes / No Yes
Network Statistics (e.g., WAN, LAN, VPN throughput) Web GUI, CLI, VigorACS CSV / JSON Local / Remote (VigorACS / Syslog) No Yes
Connected Clients / MAC Table Web GUI, CLI TXT Local / Remote No Yes
System Logs / Event History Web GUI, Syslog TXT / Log File Local / Remote Yes Yes
Configuration Backup / Settings Web GUI, CLI CFG / XML Local Yes No
Security & Access Logs Web GUI, Syslog, VigorACS TXT / JSON Local / Remote Yes Yes
Power / PoE / Hardware Monitoring Monitoring Web GUI, CLI JSON / CSV Local No Yes

Note: “Retained After Reboot / Reset” may vary by product model and configuration. Detailed technical information is provided in each product’s user manual or release documentation.

5. Data Sharing and Third-Party Processing

DrayTek may maintain contractual agreements with users or service providers that define the rights related to the access, use, and sharing of data generated by DrayTek connected products and services. The details of such rights and procedures for data access are provided in user guides or contract documents.

6. Data Protection and Security Measures

DrayTek implements layered cybersecurity and organizational controls, including SSL/TLS encryption, role-based access control, regular security testing, firewalls, and limited data-center access. All data processors and partners are contractually required to adhere to confidentiality and data-protection standards.

7. Data Retention and Deletion

DrayTek retains personal information only as long as necessary to fulfil the purposes stated above or as required by law. Users may request data deletion or anonymization at any time, subject to legal and contractual obligations. Device telemetry or diagnostic data is automatically deleted or anonymized after a limited retention period.

8. User Rights under GDPR and Data Act

You have the right to:

  • Access and obtain copies of your personal and device-generated data
  • Request correction or deletion of inaccurate information
  • Object to data processing or withdraw consent
  • Request data portability and service switching under the Data Act, including the right to transfer or migrate data to another service provider where technically feasible
  • File a complaint with your national data protection authority

9. Children’s Privacy

DrayTek does not knowingly collect data from individuals under the age of 16. If such data is inadvertently collected, it will be deleted immediately upon discovery.

10. International Transfers

Your information may be processed or stored in other regions where DrayTek or its partners operate. DrayTek ensures that all transfers comply with GDPR requirements and EU-approved data transfer mechanisms.

11. Contact Us

For privacy inquiries or Data Act-related requests, please contact:

  • Email: privacy@draytek.com
  • Data Protection Officer (DPO): dpo@draytek.com

12. Policy Updates

This Privacy Policy may be revised periodically to reflect regulatory changes or product updates.
All revisions will be published on this page with the latest revision date displayed above.

13. Summary of Key Additions (2025 Revision)

  • Explicit entitlement of users to access device-generated data
  • Option for user-instructed third-party data sharing
  • Consent requirement for use of non-personal data
  • Conflict-resolution clause (GDPR takes precedence)
  • Transparency of data categories and access methods in product documentation
  • Clarified contractual rights and data portability provisions
DrayTek website uses cookies.

By continuing to browse this website, it means your agree to our cookie usage policy. To find out more about the cookies we use, see our Privacy Policy