Personal account1. DATA CONTROLLER INFORMATION
This privacy policy applies to AO Kaspersky Lab, located at bldg. 2, 39A, Leningradskoe Shosse, Moscow, 125212, Russian Federation or the respective affiliate (s), which is/are directly stated in a consent which refers to the present Privacy Policy («Kaspersky», «Company» or «we»). It does not apply to Kaspersky websites that do not display or link to this Privacy Policy or that have their own Privacy Policy. It also does not apply to Kaspersky’s services and products unless they are linking to this Privacy Policy.
In this Privacy Policy we inform you about the processing and the privacy of your personal data when using our websites or webservices. As a security expert company, data privacy and data security are very important to us. Therefore, we are committed to respecting and protecting your privacy and to handling your personal data confidentially.
If you have any questions or comments regarding the processing of your personal data and Kaspersky’s privacy practices or if you would like us to update information or preferences you provided to us, please contact our data protection officer at https://support.kaspersky.com/general/privacy or directly by post or email: Kaspersky Labs GmbH, Schloßlände 26, 85049 Ingolstadt, Germany, dpo@kaspersky.com.
You can also contact Kaspersky’s EU/Swiss/UK representative: Kaspersky Labs GmbH, Schloßlände 26, 85049 Ingolstadt, Germany.
If you are a data subject located in mainland China, you can contact Kaspersky China’s Data Protection Officer: dpo@kaspersky.com.
2. GENERAL INFORMATION
For the process of retrieving your requested information from our websites or webservices, our servers store certain data needed for service delivery and/or for statistical or security purposes in anonymized or pseudonymized form (pseudonymized form means data is collected under a pseudonym, i.e. a unique random alphanumeric string generated internally in order to identify each data record). In this context, general information is processed, such as your domain name or browser type. These data do not enable us to draw conclusions regarding your identity. These anonymized or pseudonymized data are deleted promptly after their statistical evaluation.
We do not process any «Special Categories of Personal Data» about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data for the purpose of uniquely identifying you), unless otherwise required by the local applicable laws on the definition and processing of «Special Categories of Personal Data».
Notice for California Consumers. If you are looking for CCPA-specific information, check out our CCPA Privacy Notice as well, which is incorporated into this Privacy Policy.
3. LOCAL REQUIREMENTS
To extent required by the applicable local law, the processing of your personal data in certain scenarios must comply with the applicable local law requirements, including but not limited to separate consent and data protection impact assessment, retention period, legal basis and other local applicable requirements.
4. AUTOMATED DECISION MAKING
We do not use automated decision making at our Websites and Services.
5. WHAT PERSONAL DATA DO WE PROCESS AND HOW DO WE USE IT
Visit to our websites or webservices
Description of Service
Display of service
For providing a website or our webservices, we collect and process personal data that your internet browser automatically transmits to us, which is date and time of the retrieval of one of our websites or webservices, your browser type and browser settings and your IP address.
Our legal basis for processing your personal data is safeguarding our legitimate interests which lie in providing an access to our websites or webservices and ensuring the technical functionality of the website or webservices.
Logfiles
During your use of our websites or webservices we may process your IP address, network provider, browser type, visited domain names, and other information about your client environment (such as model of your device, operating system, screen resolution, etc.).
Purpose of this processing is the improvement of security and availability of our websites or webservices.
Legal basis for processing your personal data is safeguarding our legitimate interests which lie in the aforementioned purposes.
Web Analysis
We may also process information about which Kaspersky websites and webservices you use and how you use them, the web page you were visiting immediately prior to visiting our website or webservices, pages of our website or webservices that you visited, the time spent on those pages or services, information you searched for on our website or webservices, access times and dates, and other statistics.
Purpose of this processing is the production of traffic statistics for the Kaspersky’s websites or webservices.
Legal basis for processing data is your consent. You can withdraw your consent anytime with effect for the future by clicking the link you will find at the bottom of each page of websites.
Cookies
Cookie files are files or fragments of information that may be stored on your computer or other Internet-compatible end user devices (for example, smartphones and tablets) when you visit our websites or use our webservices. This information frequently consists of alphanumeric strings that uniquely identify your computer or end user device, but they may also contain other information.
On our websites or webservices we use different types of «cookies» (small text files that are placed on your device):
A list of the cookies we use, descriptions of the purposes of the cookies and further information on the respective cookies are given in the cookie center on the specific websites of our company or in the relevant consents or agreements.
How long do we keep your personal data
The data we process for the delivering of the service is deleted directly after delivery by the web server.
Logfiles are deleted no later than 1 year after creation.
Data which we process for the purpose of web analysis is deleted 1 year after creation.
The deletion period of the cookies is given in the cookie center on the specific websites of our company or in the relevant consents or agreements.
Kaspersky DDoS Protection and its customizations (hereinafter referred to as the «Service»)
Description of Service
Account registration. In order to use the Service and have access to all of its functions, you will need to create a personal account, which requires you to provide us with your email address (which will be your user name) and a password. We will only process and use this data in order to provide you the Service, unless it is allowed by applicable law or you expressly consent to a processing or use for other purposes (for example to receive useful news on Kaspersky products and services via email). You may also need to provide us your mobile phone number for the purpose of additional protection of your account from unauthorized access. We will only use your mobile phone number to send you authorization security codes.
Purpose and legal basis for processing your personal data is the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
Account Settings. You may review, update or correct your account data, password, and preferences or even delete your account at any time using the «Profile» function.
Support. When you contact Customer Service by using our support services, we will ask for the necessary information to provide you with support (for example, your license number, email address, information about the product that caused the problem, information about computer hardware and software, and a description of the problem). These files may also contain personal data, such as user or identifiable file names, metadata, or file content. You may send these files at your sole discretion.
Purpose and legal basis for processing your personal data is the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
How long do we keep your personal data.
Your personal account information will be deleted no later than 1 (one) calendar month after the account is deleted. Backups of data are stored for no more than 1 (one) month from the moment when they are created.
Other websites and forms
Description of Service
Premium Content. In order to access various content elements, such as Whitepapers, Videos, register for events or reach dedicated marketing material, we will ask for your first name, last name, email and phone number as mandatory personal data to provide you with this premium content.
Purpose and legal basis for processing your personal data is the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
Free trials. If you want to test our products, we will also ask for your first name, last name, phone number and email address. This data will be used for sending out the activation code and to remind you of the end of the trial period. Up to 14 days after the end of the trial period you may receive a final reminder and an offer to purchase a full license.
Purpose and legal basis for processing your personal data is the performance of a contract to which you are a party you or in order to take steps at your request prior to entering into a contract.
Newsletters, Free Product Updates and Special Offers. If you have signed up for it and provided us your email address and, in some cases, your name and last name we will use these data for the purpose to provide you with additional information on products and services free product updates and special offers which might be of interest to you.
Legal basis for processing your personal data is your consent. You can withdraw your consent anytime with effect for the future by clicking the unsubscribe link you will find in every email or contacting us by email.
Contact Forms. If you want to contact us by using our contact and support forms, you will be asked to provide your contact information (entry fields marked «*»), which we will exclusively process or use as far as necessary for the purpose to get in contact with you and provide you with the information you desire. You are free to provide additional information (through the fields not marked «*»), which we will of course process in line with all applicable data protection requirements as well. This data will be forwarded to the Kaspersky regional teams responsible for your location. The Kaspersky regional teams will use the data in order to get in contact with you.
Our legal basis for processing your personal data is safeguarding our legitimate interests which lie in the pursuit of the aforementioned purposes.
Customer Satisfaction Surveys for Customer Service users. Kaspersky holds surveys for Customer Service users with the purpose of improving the quality of customer service. In order to conduct the Customer Satisfaction Surveys we receive the following data:
Your email address and/or your corporate telephone number, which will allow us to identify you as a user in our database and link your opinion within the survey with your contacts and history of requests sent to our Customer Service Team.
The rate you gave to our Customer Service Team and recommendations that will be used for improving the quality of services provided by Kaspersky Customer Service.
Our legal basis for processing your personal data is safeguarding our legitimate interests which lie in the improvement of our services.
How long do we keep your personal data
We delete your personal data if it is no longer required for the purposes we are pursuing, the storage period specified in the consent has expired, or you have withdrawn the consent and there is no other legal basis. If the latter applies, we delete the data after the other legal basis no longer applies.
You can configure your browser settings in a way that cookies are blocked or your system informs you whenever a website wants to set a cookie. However, please be aware that the blocking of cookies may have the effect that you will not be able to use all our website functions any more.
6. RECIPIENTS OF PERSONAL DATA
Our websites and webservices are principally designed in a way that limits the processing of personal data to a minimum extent necessary for achieving the processing purposes. Within Kaspersky, only those persons have access to your personal data, who absolutely need such access to fulfil their functions or tasks.
We will only share your personal data with external recipients if there is a legal justification for doing so or you have consented to it. External recipients can be:
- Processors: Service providers which we use for the provision of certain services e.g. vendors. As far as such external service providers need to have access to personal data, we ensure that any such access is limited to the extent necessary for the provision of the respective service. Furthermore, such external service providers of course have to submit themselves to comply with all applicable data protection regulations.
- Public bodies: Authorities and state institutions, such as public prosecutors' offices, courts or tax authorities, to which we may have to transmit personal data in individual cases.
- Private bodies: Private bodies to which we transfer your personal data on the basis of a legal provision or your consent.
7. WHERE WE PROCESS PERSONAL DATA / THIRD COUNTRY TRANSFERS
The personal data provided by users to Kaspersky can be processed in countries outside the European Union (EU) or the European Economic Area (EEA) and can include the following: United Kingdom, Switzerland, Canada, Singapore, Russia, Japan, USA, Mexico, China, Azerbaijan, Turkey.
Kaspersky has taken appropriate security measures to protect your personal data in accordance with security and privacy best practices, including, utilizing the European Commission’s Standard Contractual Clauses for transfers of personal data between its group companies, which requires all group companies to protect personal data being processed from the European Economic Area to an equivalent standard to that required under European Union data protection law. Where we share your personal data with a third party service provider outside of the European Economic Area and Switzerland, we ensure prior to the transfer that, outside of exceptional cases permitted by statutory law, the recipient either possesses an appropriate level of data protection or appropriate safeguards exist. You can obtain a copy of the appropriate safeguards by contacting us at click here.
To the extent required by the local applicable laws, we will choose a cross-border data transfer mechanism in line with the applicable requirements of the local applicable laws and satisfy the conditions and complete the relevant procedures or adopt the protection measures required for the cross-border data transfer.
8. YOUR DATA SUBJECT RIGHTS AND HOW TO EXERCISE THEM
Also, we inform that you have certain rights regarding your personal data we process:
- Right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights.
- Right of access. You have the right to request confirmation as to whether or not we are processing your personal data; if this is the case, you have a right of access to such processing
- Right to rectification. You have the right to request the rectification of inaccurate personal data that we process about you. Furthermore, you may demand that incomplete data will be completed.
- Right to erasure (Right to be forgotten). In certain cases you are entitled to obtain from us the erasure of your personal data.
- Right to restriction of processing. In certain cases you are entitled to obtain from us restriction of the processing your personal data, for example if you contest the accuracy of the personal data or the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead.
- Right to data portability. If you have made the data available to us based on a contract or consent, you are entitled to request the transfer of your personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
Right to object
Right to object on a case-by-case basisYou have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interests (Art. 6 (1) f) GDPR); including profiling based on these provisions. We will then no longer process such personal data for those purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment of, exercise of, or defence against any legal claims.
Objection to data processing for the purpose of direct marketing
To the extent we process your personal data for the purpose of direct marketing you have the right to object at any time to the processing of personal data concerning you for these purposes. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
- Right to withdraw your consent. You have the right to withdraw your consent to the processing of your personal data. Your withdrawal of consent shall not affect the validity of any activity processing of your personal data already carried out before the withdrawal of your consent.
- Right to complain. If you believe that the processing of the personal data concerning you is illegal, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your workplace, or at the location of the alleged breach.
To the extent otherwise required by the local applicable laws, the local legal requirements will apply.
If you wish to exercise these rights, you may at any time directly contact us.