KASPERSKY LAB – PRODUCTS AND SERVICES PRIVACY POLICY
Introduction
AO Kaspersky Lab, located at bldg. 3, 39A, Leningradskoe Shosse, Moscow, 125212, Russian Federation and all companies belonging to the group "Kaspersky Lab" respect your privacy. Our representative in the EU for data protection is: Kaspersky Labs GmbH, Despag-Strasse 3, 85055, Ingolstadt, Germany, info@kaspersky.de, +49 (0) 841 98 18 90, according to Article 27 (1) of Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”). Our Data Protection Officer in the EU, according to Article 37 (1) of GDPR, as well as for the other countries, may be contacted via dpo@kaspersky.com.
This Products and Services Privacy Policy (Privacy Policy) describes how we use the information you provide when you use our products and services, and the choices you can make about our use of the information. We also describe the measures we take to protect the information and how you can contact us about our privacy practices.
In connection with specific products or services offered by Kaspersky Lab, you are provided with the agreements, terms of use, and statements that supplement this policy relating to data handling.
This policy may be changed because of changes in legislation, the requirements of the authorities or to reflect changes in our practices concerning the processing of personal data. The revised policy will be posted on our website and will be effective immediately upon being posted. You can read at any time the policy currently in effect on our website: https://www.kaspersky.com/products-and-services-privacy-policy.
This version of the policy is effective as of November 6, 2019.
The Sources of Information
Kaspersky Lab may obtain information about you from various sources, namely:
If you provide us with any information or material relating to another individual, you should make sure that this sharing with us and our further use as described to you from time to time are in line with applicable laws; thus, for example, you should duly inform that individual about the processing of her/his personal data and obtain her/his consent, as may be necessary under applicable laws.
You may also choose to consent to third parties disclosing information about you to us that those third parties have received.
Information Provided by Users and How We Use Information
Personal data processing by Kaspersky Lab is always carried out in a legal and fair manner.
You will always know what kind of information you provide to Kaspersky Lab before you start to use the products and services. The data which you provide depends on the services, products, and features you use. For more information about data you provide, please refer to End User License Agreement, Kaspersky Security Network Statement and other documentation of product and services that you use, especially:

FOR HOME USERS (B2C):
FOR BUSINESS USERS (B2B):

The data obtained for processing depends on the product or service, and it is recommended that users carefully read the agreements and related statements accepted during installation or usage of software or service.
Some data are non-personal, according to laws of certain countries. Regardless of the type of data and territory where data was received or processed, we use the highest standards of data protection and apply various legal, organizational, and technical measures in order to protect user data, guarantee safety and confidentiality, as well as ensure users’ rights guaranteed under applicable law.

The data depends on the products and services you use, and could include the following:

It is processed in order to recognize legitimate users. This data is needed to maintain communication between the product and Kaspersky Lab services – sending and receiving product databases, updates, etc.

Data on the product’s operation and its interaction with the user is also analyzed. For example, how long does threat scanning take? Which features are used more often than others? Answers to these and other questions help developers to improve products, making them faster and easier to use.

Data such as device type, operating system, etc. may be needed so the user doesn’t have to buy a new license for the security product after reinstalling the operating system. This information also helps us to analyze cyberthreats, because it shows how many devices are affected by any specific threat.

If a threat (new or known) is found on a device, information about that threat is sent to Kaspersky Lab. This enables us to analyze threats, their sources, principles of infection, etc., resulting in a higher quality of protection for every user.

This information helps to create lists of "white" or harmless applications and prevents security products from mistakenly identifying such applications as malicious. This data is also used to update and extend program categories for features like Parental Control and Application Startup Control. In addition, this information helps us to offer users security solutions that best match their needs.

URLs can be sent to be checked whether they are malicious. This information also helps to create lists of "white" or harmless websites and prevents security products from mistakenly identifying such websites as malicious. This data is also used to update and extend website categories for solutions like Kaspersky Safe Kids and provide better protection for financial transactions in such products as Kaspersky Fraud Prevention. In addition, this information helps us to offer users security solutions that best match their needs. Information about logins and passwords, if contained in the initial browser request from the user, is removed from the visited URL addresses up to the hostname or IP address. In any case, it is not Kaspersky Lab's purpose to process user logins and passwords, and Kaspersky Lab takes all reasonable and sufficient measures to avoid processing these data.

New malware can often be identified only by its suspicious behavior. Because of this, the product analyzes data on processes running on the device. This makes it possible to identify early on processes that indicate malicious activity and to prevent any damaging consequences, such as the destruction of user data.

If an (as yet) unknown file, exhibiting suspicious behavior is detected on a device, it can be automatically sent for a more thorough analysis by machine learning-based technologies and, in rare cases, by a malware analyst. The ‘suspicious’ category includes mainly executable files (.exe). For the purpose of reducing the likelihood of false positives, executable and non-executable "white files" or their parts may be sent.

This information is analyzed in order to warn users of insecure (i.e., poorly protected) Wi-Fi access points, helping to prevent personal data from being inadvertently intercepted.

Email addresses are used for authorization on the Kaspersky Lab web portals (My Kaspersky, Kaspersky CompanyAccount, Kaspersky Endpoint Security Cloud, etc.), which enables users to manage their protection remotely. Email addresses are used to send security messages to (e.g., containing important alerts) to users of Kaspersky Lab products. Users can also choose to specify the names (or nicknames) by which they would like to be addressed on the My Kaspersky portal and in emails. Contact information is provided by users at their own discretion.

By checking the special box in the product settings, users can also share error reports with Kaspersky Lab servers. This information helps (1) during analysis of errors that occurred in the product and to modify it accordingly so that it will function more effectively moving forward, and (2) in the investigation of infection of a user’s computer in order to mitigate threats to a user’s system.

During your use of the anti-spam functionality, Kaspersky Lab scans emails and uses information about them to protect you from spam and fraud. When you indicate to Kaspersky that an email is spam or has been incorrectly identified by the software as spam, you help us analyze it and enable a higher quality of protection for users.

The Anti-theft feature provides certain remote access and control functions designed to protect data on your mobile phone in case of theft, as well allows you to receive information about the location of the stolen device. Anti-theft has to store data about your phone and approved users for these functions to work.

If a parent or holder of parental responsibility wants to use the child protection feature like Kaspersky Safe Kids, he or she can receive information about the child’s device and information about the child’s location. Additionally, the parent or holder of parental responsibility can configure parameters in order to block or permit specific websites and/or allow or prevent certain applications from running on the child’s device. Kaspersky Lab does not collect children’s data beyond the framework of such feature.

This device identifier is generated on user device on Android 8 and higher, using the Advertising ID of the device. We do not process the Advertising ID in clear text; we process only its hash sum. In case user has reset the value of the Advertising ID, the new value of the unique identifier of the mobile device will be associated with the old value, which is necessary for the correct use of the device with services.

KASPERSKY LAB WILL ONLY PROCESS PERSONAL DATA FOR PARTICULAR, PRE-DETERMINED PURPOSES THAT ARE LEGITIMATE WITH REGARD TO APPLICABLE LAW, AND THAT ARE RELEVANT TO KASPERSKY LAB’S BUSINESS.
Threat Intelligence for Protection of Cyber Space
New generations of malware appear all the time, many using new, sophisticated techniques to bypass existing security solutions. In this constantly shifting environment, protection is only as effective as the ability to closely analyze the threat landscape and distill data into actionable intelligence for our users. To achieve this, security solutions must apply a cloud approach that combines the widest possible scope of threat data handling with the most intelligent data processing technologies.
Our infrastructure is designed to receive and process complex global cyberthreat data, transforming it into the actionable threat intelligence that powers our products. A key source of threat-related data comes from our users. By sharing their data and allowing it to be stored and analyzed by artificial intelligence and experts, they help us to ensure that users around the world are protected against the newest cyberthreats. In particular, KSN helps us to respond rapidly to emerging cyberthreats while delivering the highest possible effectiveness of protection and helping reduce the number of false positives.
The amount of data you allow our infrastructure to receive depends on the product used, its configuration settings and preferences.
This approach offers numerous benefits for users and cyber space overall, including:
Legal Bases for Data Processing
The legal basis we use depends on the purpose of processing personal data, which may be the following:
Under certain local laws, you may be entitled to exercise rights in respect of your personal data, such as those described in the section Your Rights and Options. If you wish to exercise such right, please contact us via https://support.kaspersky.com/general/privacy.
LIMITATION OR RESTRICTION DATA PROCESSING
IF YOU CHOOSE NOT TO PROVIDE DATA THAT IS NECESSARY IN ORDER FOR A PRODUCT OR FEATURE TO WORK, YOU MAY NOT BE ABLE TO USE THAT PRODUCT OR FEATURE. THIS OBLIGATORY DATA IS LISTED IN THE END USER LICENSE AGREEMENT. THE KASPERSKY SECURITY NETWORK STATEMENT OR MARKETING STATEMENT CONTAINS A LIST OF DATA THAT USERS CAN DECIDE TO PROVIDE TO US AT ANY TIME BY CHECKING THE CORRESPONDING BOX IN THE PRODUCT SETTINGS (THEY CAN ALSO REVERSE THIS DECISION WHENEVER THEY CHOOSE).
What we aren't going to process
Through its products and services, Kaspersky Lab never process “sensitive” personal data such as religion, political views, sexual preference, or health, or other special categories of personal data. We do not wish to receive any such data and will not request it from you.
Kaspersky Lab’s products must be installed and used by an adult. Children may use the device where Kaspersky Lab’s product was installed only with permission from their parents or holder of parental responsibility. Except for “Data for child protection feature”, we do not intend to process personal data of children, nor do we want to receive such personal information of children.
Provision of Information
We never provide personal data of our users or access to them for state organization or third parties. We may only disclose the Information as follows:
Please note that some of our products, for example Kaspersky Secure Connection, use services of third parties whose privacy practices differ from Kaspersky Lab's. If you provide personal data to any of those services, your data is governed by their privacy statements. You are responsible for acquainting yourself with the data processing rules and procedures described in the relevant privacy statements.
Where we process Information
The personal data provided by users to Kaspersky Lab can be processed in the following countries, including countries outside European Union (EU) or the European Economic Area (EEA):
Within the EU or EEA:
Outside of the EU or EEA:
The list of countries where the data provided by the user may be processed can change. You can acquaint yourself with the current list of countries in the version of the Privacy Policy on the website https://www.kaspersky.com/products-and-services-privacy-policy.
According to our general business practice, the data received from users in the EU are processed on servers located in the EU and Russia.
The personal data may be processed at destinations outside the EU or EEA some of which have not been determined by the European Commission to have an adequate level of data protection. It may also be processed by staff operating outside EU or EEA who work for us or for one of our service providers. In the absence of adequacy decisions or appropriate safeguards recognized by the European Commission, there may be risks for the user if the personal data is transmitted outside of the EU or EEA.
Whenever data is processed, we use the highest level of standards for data protection and apply a variety of legal measures in order to protect user data, guarantee safety and confidentiality, and ensure users’ rights. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where Kaspersky Lab processes data, please visit: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Your Rights and Options
You have certain rights regarding your personal data. We also offer you certain options about what personal data you provide to us, how we use that information, and how we communicate with you.
In most cases you can choose not to provide personal data to us when you use Kaspersky Lab’s products, services, and websites. You may also refrain from submitting information directly to us. However, if you do not provide personal data when requested, you may not be able to benefit from the full range of Kaspersky Lab products and services and we may not be able to provide you with information about products, services, and promotions.
You can at any time choose not to receive marketing communications by e-mail, if you have previously subscribed to receive them, by clicking on the unsubscribe link within the marketing e-mails you receive from us.
If your employer provides your personal data to Kaspersky Lab, you may have certain options with respect to Kaspersky Lab’s use or disclosure of the information. Please contact your employer to learn about and to exercise your options.
To the extent provided by applicable law, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your personal data. We will apply your preferences going forward. In some circumstances, withdrawing your consent to Kaspersky Lab’s use or disclosure of your personal data will mean that you cannot take advantage of certain Kaspersky Lab products or services.
Subject to applicable law, you may have the following rights:
The right to access personal data may be limited in some circumstances by the requirements of local law or technological measures, including where the data has been anonymized and therefore does not relate to an identified or identifiable natural person. If you wish to exercise these rights, you may at any time directly contact us at https://support.kaspersky.com/general/privacy.
If we fall short of your expectations in processing your personal data or you wish to make a complaint about our privacy practices, please relate this to us, as it gives us an opportunity to fix the problem. You may contact us by using the contact details provided in the “How to Contact Us” section below. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time.
The Privacy Principles
Personal data processing at Kaspersky Lab is based on the following principles:
     Consent and choice
Purpose legitimacy and specification
Data processing limitation
Use, retention and disclosure limitation
Accuracy and quality
Openness, transparency and notice
Individual participation and access
Information Security: How We Protect Your Privacy
Information security is Kaspersky Lab’s core business. All data and all information provided by you is confidential by default. Kaspersky Lab will therefore always apply technical and organizational data security measures for the protection of personal data that are adequate and appropriate, taking into account the concrete risks resulting from the processing of personal data as well as up-to-date security standards and procedures. In order to, among other reasons, identify and fulfill the appropriate level of protection, Kaspersky Lab classifies processing systems with personal data and implements cascading sets of protective measures.
Kaspersky Lab also maintains physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:
How to Contact Us
If you have any questions or comments about this Privacy Policy, Kaspersky Lab's privacy practices or if you would like us to update or remove information or preferences you provided to us, please visit https://www.kaspersky.com/global-privacy-policy, or you may contact our Kaspersky Lab EU representative via e-mail or phone: Kaspersky Labs GmbH, Ingolstadt, Germany, info@kaspersky.de, +49 (0) 841 98 18 90, according to point (a) of Article 13 (1) and Article 27 (1) of GDPR, or you may contact our Data Protection Officer in the EU, according to point (b) of Article 13 (1) and Article 37 (1) of GDPR, as well as for the other countries, via dpo@kaspersky.com.

© 2019 AO Kaspersky Lab. All Rights Reserved. The Software and any accompanying documentation are copyrighted and protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties.