SUPPLEMENTAL STATEMENT ON DATA PROCESSING (SUPPLEMENTAL STATEMENT)

Supplemental Statement On Data Processing (hereinafter “Statement”) relates to Kaspersky Anti-Ransomware Tool for Business (hereinafter “Software”).

All terms used in this Statement have the same meaning as defined in the “Definitions” clause of the End User License Agreement (EULA).

Please carefully read the terms of this Statement, as well as all documents referred to in this Statement, before accepting it. If the Software is used within a legal entity or on the Computer used by several individuals, You must ensure that they have understood and accepted the conditions of this Statement before data processing begins.

Data Protection and Processing
The Rightholder handles the data it receives from the End User under this Statement in accordance with the Rightholder’s Privacy Policy published at: https://www.kaspersky.com/products-and-services-privacy-policy.

Purposes of Processing Data
If a technical problem occurs during the use of the Software, You may send files with diagnostic information under this Statement to the Rightholder in order to improve the Software.

Preparing and Providing Files with Diagnostic Information
Files with diagnostic information are prepared in accordance with the User Manual. The files with diagnostic information are not sent to the Rightholder without Your consent. While the files with diagnostic information are stored on Your Computer, You are responsible for monitoring and limiting access to them until You transmit them to the Rightholder. By accepting this Statement, You confirm the absence of confidential data in the files with diagnostic information.
You may open the files with diagnostic information and view their contents before You make the decision to send them to the Rightholder. 
With Your consent, the files with diagnostic information will be transmitted to the Rightholder, after which they will be deleted from your Computer. The transmission is performed using a secure channel.

Processed Data
Certain data which is processed under this Statement could be considered personal data according to laws of some countries. With Your consent, the following data will be sent to the Rightholder under this Statement:
Windows Event Trace Logs:
- information from the Windows event tracing tool (Event Tracing for Windows, ETW) and WMI (Windows Management Instrumentation) in the event of Software performance problems, suppliers of SysConfig / SysConfigEx / WinSATAssessment / Microsoft-Windows-TCPIP events from Microsoft: information about the Computer (computer name, model, manufacturer, form factor of the housing, version), information about Windows performance metrics (WinSAT assessments, Windows performance index), domain name, information about physical and logical processors (number of physical and logical processors, manufacturer, model, stepping level, number of cores, clock frequency, CPUID, cache characteristics, logic processor characteristics, indicators of supported modes and instructions), information about RAM modules (type, form factor, manufacturer, model, capacity, granularity of memory allocation), information about network interfaces (IP and MAC addresses, name, description, configuration of network interfaces, breakdown of number and size of network packages by type, speed of network exchange, breakdown of number of network errors by type), configuration of IDE controller, IP addresses of DNS servers, information about the video card (model, description, manufacturer, compatibility, video memory capacity, screen permission, number of bits per pixel, BIOS version), information about plug-and-play devices (name, description, device identifier [PnP, ACPI], information about disks and storage devices (number of disks or flash drives, manufacturer, model, disk capacity, number of cylinders, number of tracks per cylinder, number of sectors per track, sector capacity, cache characteristics, sequential number, number of partitions, configuration of SCSI controller), information about logical disks (sequential number, partition capacity, volume capacity, volume letter, partition type, file system type, number of clusters, cluster size, number of sectors per cluster, number of empty and occupied clusters, letter of bootable volume, offset address of partition in relation to the start of the disk), information about BIOS motherboard (manufacturer, release date, version), information about motherboard (manufacturer, model, type), information about physical memory (shared and free capacity), information about operating system services (name, description, status, tag, information about processes [name and PID]), energy consumption parameters for the Computer, configuration of interrupt controller, path to Windows system folders (Windows and System32), information about the OS (version, build, release date, name, type, installation date), size of page file, information about monitors (number, manufacturer, screen permission, resolution capacity, type), information about video card driver (manufacturer, release date, version), battery capacity, TPM characteristics;
- information from ETW, suppliers of EventTrace / EventMetadata events from Microsoft: information on the sequence of system events (type, time, date, time zone), metadata about the file with trace results (name, structure, trace parameters, breakdown of number of trace operations by type), information about the ОS (name, type, version, build, release date, start time);
- information from ETW, suppliers of Process / Microsoft Windows Kernel Process / Microsoft Windows Kernel Processor Power events from Microsoft: information about started and completed processes (name, PID, start parameters, command line, return code, power management parameters, start and completion time, access token type, SID, SessionID, number of descriptors installed), information about changes in thread priorities (TID, priority, time), information about disk operations of the process (type, time, capacity, number), history of changes to the structure and capacity of usable memory processes;
- information from ETW, suppliers of StackWalk / Perfinfo events from Microsoft: information about performance counters (performance of individual code sections, sequence of function calls, PID, TID, addresses and attributes of ISRs and DPCs);
- information from ETW, PerfTrackMetadata event provider: event information (version, type, type code), ETW provider identifier, OS information (OS script group name, OS script name, OS script GUID, OS activity performance level, system key), Windows SQM identifier; 
- information from ETW, supplier of KernelTraceControl-ImageID events from Microsoft: information on executable files and dynamic libraries (name, image size, full path), information on PDB files (name, identifier), VERSIONINFO resource data for executable files (name, description, creator, location, application version and identifier, file version and identifier);
- information from ETW, suppliers of FileIo / DiskIo / Image / Windows Kernel Disk events from Microsoft: information on file and disk operations (type, capacity, start time, completion time, duration, completion status, PID, TID, driver function call addresses, I/O Request Packet (IRP), Windows file object attributes), information about files involved in file and disk operations (name, version, size, full path, attributes, offset, image checksum, open and access options);
- information from ETW, supplier of PageFault events from Microsoft: information on memory page access errors (address, time, capacity, PID, TID, attributes of Windows file object, memory allocation parameters);
- information from ETW, supplier of Thread events from Microsoft: information on thread creation/completion, information on threads started (PID, TID, size of stack, priorities and allocation of CPU resources, I/O resources, memory pages between threads, stack address, address of init function, address of Thread Environment Block (TEB), Windows service tag);
- information from ETW, supplier of Microsoft Windows Kernel Memory events from Microsoft: information about memory management operations (completion status, time, quantity, PID), memory allocation structure (type, capacity, SessionID, PID);
- information about Software operation in the event of performance problems: Software installation identifier, type and value of drop in performance, information about the sequence of events within the Software (time, time zone, type, completion status, Software component identifier, Software operating scenario identifier, TID, PID, function call addresses), information about network connections to be checked (URL, direction of the connection, size of network package), information about PDB files (name, identifier, image size of executable file), information about files to be checked (name, full path, checksum), Software performance monitoring parameters;

© 2021 AO Kaspersky Lab