SUPPLEMENTAL STATEMENT ON DATA PROCESSING (SUPPLEMENTAL STATEMENT)

Supplemental Statement On Data Processing (hereinafter “Statement”) relates to the computer program Kaspersky Anti-Ransomware Tool for Business (hereinafter “Software”).

All terms used in this Statement have the same meaning as defined in the “Definitions” clause of the End User License Agreement (EULA).

This Statement along with the EULA for the Software, in particular in the Section “Conditions regarding Data Processing,” specifies the conditions, responsibilities, and procedures relating to transmission and processing of the data indicated in this Statement. Please carefully read the terms of the Statement, as well as all documents referred to in the Statement, before accepting it.

When the End User uses the Software, the End User is fully responsible for ensuring that the processing of personal data of Data Subjects is lawful, particularly, within the meaning of Article 6 (1) (a) to (1) (f) of Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) if Data Subject is in the European Union, or applicable laws on confidential information, personal data, data protection, or similar thereto.

Data Protection and Processing

The Rightholder handles the data it receives from the End User under this Statement in accordance with the Rightholder’s Privacy Policy published at: https://www.kaspersky.com/products-and-services-privacy-policy.

Purposes of Processing Data

During use of the Software, processing data is necessary to protect the End User from known threats to information security, as described in the User Manual. Processing data under this Statement could lead to an increase in the effectiveness of protection against information and network security threats provided by the Software.

The purposes are achieved by:
- determining the reputation of scanned objects;
- identifying information security threats that are new and challenging to detect, and their sources;
- taking prompt measures to increase the protection of the data stored and processed by the End User on the Computer;
- reducing the likelihood of false positives;
- increasing the efficiency of Software components;
- investigating infection of a user’s computer;
- improving the performance of the Rightholder’s products;
- receiving reference information about the number of objects with known reputation.

Processed Data

During use of the Software, the following data will be sent to the Rightholder automatically and on a regular basis under this Statement:
- fragment content of the object being processed;
- date and time when the certificate expires;
- date and time when the certificate was issued;
- version of list of revoked Software service's decisions;
- number of update-apply cycles for anti-virus databases;
- date and time when the anti-virus databases were last updated and applied;
- the Software database record version;
- ID of the triggered record in the Software's anti-virus databases;
- timestamp of the triggered record in the Software's anti-virus databases;
- type of the triggered record in the Software's anti-virus databases;
- release date and time of the Software's databases;
- device ID;
- information about system memory usage by the Software;
- OS version, OS build number, OS update number, OS edition, extended information about the OS edition;
- OS ID;
- OS Service Pack version;
- date and time of the OS launch;
- Device Guard (Windows) enablement status;
- IP address;
- operating system bit version;
- version of the operating system installed on the user's computer;
- ID of the key from the keystore used for encryption;
- protocol used to exchange data with KSN;
- encryption characteristics of data package that is being sent to KSN;
- ID of data package that is being sent to KSN;
- Software language ID;
- fragment order in the object being processed;
- data of the internal log, generated by the anti-virus Software module for an object being processed;
- contents of the digital certificate being processed;
- certificate issuer name;
- public key of the certificate;
- calculation algorithm of public key of the certificate;
- certificate serial number;
- date and time of signing the object;
- certificate owner name and settings;
- digital certificate thumbprint of the scanned object and hashing algorithm;
- date and time of the last modification of the object being processed;
- date and time of creating an object being processed;
- detect characteristics;
- objects or its parts being processed;
- description of an object being processed as defined in the object properties;
- format of the object being processed;
- checksum type for the object being processed;
- checksum (MD5) of the object being processed;
- name of the object being processed;
- Software name;
- checksum (SHA256) of the object being processed;
- size of the object being processed;
- name of the detected malware or legitimate software that can be used to damage the user's device or data;
- Software vendor name;
- the Software's decision on the object being processed;
- version of the object being processed;
- source of the decision made for the object being processed;
- checksum of the object being processed;
- parent application name;
- result of the module integrity check;
- path to the object being processed;
- directory code;
- information about file signature check results;
- OS bit size;
- OS edition;
- date and time of System Watcher start;
- version of the Software's component;
- full version of the Software;
- Software update ID;
- installation date and time for the Software;
- Software installation ID (PCID);
- Software health status after update;
- type of installed Software;
- format of the data in the request to Rightholder infrastructure;
- the Software component ID;
- logon session key;
- encryption algorithm for the logon session key;
- flag indicating whether the user has accepted the terms of the legal agreement while using the Software;
- type of legal agreement accepted by the user while using the Software;
- date and time when the user accepted the Agreement terms while using the Software;
- version of the legal agreement accepted by the user while using the Software;
- name of the module in which the failure probably occurred;
- ID of the Software rebranding;
- probability of sending statistics by System Watcher;
- code of the event that took longer than the standard time to process by System Watcher;
- database processing time of the event that took longer than the standard time to process by System Watcher;
- processing delay time of the event about OS action in the behavioral analysis subsystem;
- number of delayed OS action events of the current type;
- maximum allowed time for processing an event by System Watcher;
- processing delay time of the event about OS action in the proactive defense subsystem;
- number of processed OS action events;
- number of processed synchronous OS action events;
- total delay of all OS action events of the current type;
- processing delay time of the event about OS action in the persistent event storage subsystem;
- processing time of the event that took longer than the standard time to process by System Watcher;
- total number of events that took longer than the standard time to process by System Watcher;
- total delay of all OS action events;
- number of waiting synchronous OS action events;
- date and time of detecting software by System Watcher;
- number of the detected software in the System Watcher context;
- reason of detecting software by System Watcher;
- date and time of received event of an action in the OS;
- code of the event that caused an event queue overflow while being processed by System Watcher;
- number of events that caused an event queue overflow while being processed by System Watcher;
- total number of queue overflows for events being processed by System Watcher;
- time difference between the first event in the queue and the current event when sending statistics package by System Watcher;
- type of the event that was timed out while being processed (klif/swmon);
- major and minor numbers of the interception filter that caused the interception that was timed out while being processed in System Watcher;
- ID of the interception that was timed out while being processed in System Watcher;
- number of klif events that were timed out when sending statistics package by System Watcher;
- queue size of the System Watcher events that were timed out while being processed;
- number of System Monitor events that were timed out when sending statistics package by System Watcher;
- duration of third-party software operation until the failure;
- memory address with an offset, in which the third-party software failure occurred;
- information about failure in third-party software;
- name from the system log for the error that occurred in third-party software;
- storage time for object being processed;
- algorithm for calculating the digital certificate thumbprint;
- number of failed update installations for the updater component;
- number of update installation errors for the updater component;
- error code of the update task;
- update task type;
- version of the updater component;
- accessed address of the web service (URL, IP);
- port number;
- web address of the source of the web service request (referer);
- web address being processed.

Also, in order to achieve the declared purpose with respect to preventing false positives, the Rightholder may receive trusted executable and non-executable files or their parts.

© 2019 AO Kaspersky Lab