Avast is part of Gen™ - a family of trusted brands built for the next generation of digital life. Our mission is to create technology solutions for people to make the most of the digital world. Safely, privately, and confidently. To do so, we collect your personal data over the course of conducting business with you or business that you represent. We do not take your trust for granted so we’ve developed a Business Partner Privacy Policy that covers how we collect, use, disclose, transfer, and store your personal data.
This Business Partner Privacy Policy was last updated in June 20, 2025.
This Business Partner Privacy Policy describes how we handle and protect your personal data and the rights available to you regarding the relevant processing operations, if you act in the capacity of a business partner, our business customer (or their representative), media contact or other non-business contact person, as described below.
The Controller of your personal data is the Gen company you are in the contractual or other relevant relationship.
If you are a user of our products and services, the privacy notice that applies to you is located here: General Privacy Policy.
Additional information on our personal data practices may be provided in special notices provided prior to or at the time of data collection.
Keep in mind that if you disclose to us personal data of employees or any other natural persons acting on your behalf or in cooperation with you, you have to inform them that we will process their personal data in accordance with this policy.
Generally, if your company or you directly (in case that you are a sole proprietor) contract with us to provide us with your products or services, or obtain products or services from us, such relationship requires processing of certain information for entering into contract, its performance and facilitating management of such relationship, including customer support.
On the basis of legal obligations, we process your personal data when it is necessary for compliance with our tax, accounting, anti-money laundering, or other legal obligations to which we are subject.
We process Personal Data for network and information security purposes. This primarily covers the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems.
Both as an organization in our own right, and as a provider of cybersecurity technologies and services which may include hosted and managed cybersecurity technology services, it is necessary for the functionality of our systems, products and services and in our legitimate interests as well as in our users’, to collect and process Personal Data to the extent strictly necessary and proportionate for the purposes of ensuring the security of our own, and of our users’ networks, devices, and information systems. This includes the development of threat intelligence resources aimed at maintaining and improving on an ongoing basis the ability of networks and systems to resist unlawful or malicious actions and other harmful events (“cyber-threats”) and monitoring of activities in our systems together with the use of analytics to identify and combat cyberthreats across all our services. This tool monitors your activity and detects anomalies and suspicious events in our systems and stores it for a necessary period of time. In case you use our systems, you may be contacted by our information security teams in case suspicious activity is detected under your account.
In addition, there may be other situations where we may need to process certain personal data in connection with operating our company, such as for public relations reasons or engaging in non-business communication. When we process personal data in this context we rely on our legitimate interest and other legal bases as stipulated below.
The relevant data subjects to whom the personal data processed by us relate, include employees and representatives of our business partners and other subjects, or, in case that you are a sole proprietor, of you personally.
The data processed for these purposes includes contact information, such as name, surname, title (position), email address, phone number, business and its seat, and other information relevant to the type of relationship with you, which may vary, such as, payment information, applicable rates, or discounts.
There may be special circumstances of processing applicable to the relevant category of business partners or other subjects which go as follows:
In order to sell our business-oriented products and services, we partner with resellers and distributors. If you are one of them, the following applies to you.
Partner Portal
In addition to the data use described above, by acting as a reseller or distributor, you have access to and have all information linked to you recorded in your account in our databases. This helps Avast and you, in particular, with business management, deal registration and partner location, which is in our mutual legitimate interests.
You provide your personal data to us when you register as our partner through the Partner Portal. The information stored in our databases includes general identification and contact information we collect about our business partners in general (as described above), overview of communication and customer care cases, information about payments, lifetime value based on purchase, your credit with us (credit volume, available credit, etc.), applicable discounts, and preferences concerning newsletter subscriptions and Partner Locator participation (see below). Through our databases, we can also identify which license IDs relating to our products have been provided or sold by which reseller or distributor to sell. We also collect each registered and activated end user license key.
We have put in place a Partner Locator functionality, which allows our customers to find our reseller or distributor near them. The information published in Partner Locator includes business name and address and contact details, such as phone number and/or email contact. Participation in the Partner Locator is voluntary, and your data will not be published through Partner Locator if you have not granted your consent to such publication.
Business Intelligence
We also process certain service and device data for product and business improvement (i.e. business intelligence) to understand how you use our products, including websites, so that we can optimize and improve your user experience, as well as evaluate and improve our campaigns. We use necessary data to understand user conversions, acquisitions and campaign performance through various distribution channels, and users’ download, activation and interactions with our products. The insights that we learn in the process help us improve functionality, effectiveness, security and reliability of our current and future products and business activities. With respect to business intelligence, we rely on our legitimate interest as a legal basis for processing your personal data.
Systems, Apps and Network security
We monitor user activity, anomalies and suspicious events in our systems. You may be contacted by our information security teams in case suspicious activity is detected under your account.
Feedback
When you decide to fill out a questionnaire or give us feedback in another form, we will use this information as a proxy for gauging the overall satisfaction with our products or services. We rely on our legitimate interest when processing your personal data for this purpose.
Commercial Communication
If you are our customer, contractual partner or if you have subscribed to receiving commercial communication from us, we may send you newsletters or offers, which inform you of our new products and related opportunities. You may unsubscribe from receiving these newsletters and offers directly through the link in each email sent to you any time you want.
If your company or you directly (in case that you are a sole proprietor) use any of our products or services, it is necessary for us to process certain information to manage our business relationship with you. In addition to what is stated above, we may also process the content of your communication with us. We process this data to be able to provide our products and services to you or your company.
Customer Portal
In addition to the data use described above, you provide your personal data to us when you create an account for premium support. The information stored with the account in our databases includes general identification and contact information we collect about business customers in general (as described above), information about products, support case management, and contact details of persons entitled by you to premium support. Through our databases, we can also identify which license IDs relating to our products have been provided or sold to you.
Within our Customer Portal, you can decide to communicate with our chatbot, a service powered by artificial intelligence. We will process the information provided by you to respond on-the-fly to your questions and also to improve the chatbot, as it learns from your communication. The more questions you ask, the more helpful our chatbot will be in the future.
Business Intelligence
We also process certain service and device data for product and business improvement (i.e. business intelligence) to understand how you use our products, including websites, so that we can optimize and improve your user experience, as well as evaluate and improve our campaigns. We use necessary data to understand user conversions, acquisitions and campaign performance through various distribution channels, and users’ download, activation and interactions with our products. The insights that we learn in the process help us improve functionality, effectiveness, security and reliability of our current and future products and business activities. With respect to business intelligence, we rely on our legitimate interest as a legal basis for processing your personal data.
While we generally prefer using our own tools, we sometimes need to partner with other parties, which have developed and provided us with their own tools and expertise. If you use one of our products, you can find specific data used for product and business improvement and third-party tools used for this purpose listed under each product in our Products Policy.
Feedback
When you decide to fill out a questionnaire or give us feedback in another form, we will use this information as a proxy for gauging the overall satisfaction with our products or services. We rely on our legitimate interest when processing your personal data for this purpose.
Commercial Communication
If you are our customer, or if you have subscribed to receiving commercial communication from us, we may send you newsletters or offers, which inform you of our new products and related opportunities. You may unsubscribe from receiving these newsletters and offers directly through the link in each email sent to you any time you want.
We conduct activities in the area of public relations and associated external communications, through communication with journalists, media and other external communications concerning our activities or other events which are relevant or important to us.
If we process your contact information for these purposes, we use it to provide you in your capacity as a journalist or member or a representative of another media outlet to provide you with press releases, official statements or other similar information.
We conduct our other non-business communications for the purposes of organizing, carrying out, supporting and promoting our non-profit activities, supporting education and raising awareness about cybersecurity and privacy issues.
In this respect, we may use your personal data in order to contact you in connection with organizing and performing various types of events concerning these issues, such as workshops, seminars, panels or other educational or awareness-raising activities. We may reach out to you for this purpose if you are a member of a group or organization which concerns itself with these issues, an expert in the field or, a state authority which has granted its support to our activities, or, as the case may be, a school representative.
The sources of your personal data, including your contact information, other than the ones described below, may also include state authorities which have granted their support to our activities.
Processing of personal data during our live events is governed by our General Privacy Policy.
We gain your personal data described usually from communication with your company or directly from you, or from publicly available sources, such as company’s websites, if your company or you published this data for this purpose.
We do not take any decisions involving the use of algorithms or profiling that would significantly affect you.
We only disclose your personal data within our group, with service providers that process data on our behalf and with public authorities, as required by applicable law.
If we disclose your personal data, we require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.
We may use contractors and service providers to process your personal data for the purposes described in this Business Partner Privacy Policy.
Such service providers may include in particular professional consultants (including for defense or exercise of our rights), and marketing, survey, analytics, or software suppliers.
Furthermore, if you use one of our products, you can find relevant third-party tools listed under each product in our Products Policy.
Sometimes service providers, such as professional consultants, will be independent controllers of your data and their terms and conditions and privacy statements will apply to such relationships.
In certain instances, it may be necessary for us to disclose your personal data to public authorities or as otherwise required by applicable law.
No personal data will be disclosed to any public authority except in response to:
Like any other company, we too go through our own cycle of growth, expansion, streamlining and optimization. Our business decisions and market developments therefore affect our structure. As a result of such transactions, and for maintaining a continued relationship with you, we may transfer your personal data to a related affiliate.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event, when applicable.
We are a global company and process personal data in many countries. As part of our business, your personal data may be transferred to Gen Digital Group and/or its subsidiaries and affiliates in the United States, and to subsidiaries and third-party vendors of Gen Digital located worldwide. All transfers will occur in compliance with the applicable data transfer requirements laws and regulations.
Gen Digital has certified to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (EEA), the United Kingdom, and Switzerland to the United States. Click here to access the Gen Digital Inc. Data Privacy Framework Notice.
If your personal data originates from the European Economic Area and is transferred to Gen Digital subsidiaries, affiliates, or third-party vendors engaged by Gen Digital to process such personal data on our behalf who are located in countries that are not recognized by the European Commission as offering an adequate level of personal data protection, such transfers are covered by alternate appropriate safeguards, specifically Standard Contractual Clauses adopted by the European Commission.
Situations where we transfer personal data outside of the EEA include provision of our products and services, third-party analytic tools and the provision of support services. Further, an outside-EEA transfer may also occur in case of a merger, acquisition or a restructuring, where the acquirer is located outside of the EEA (see the Mergers, Acquisitions and Restructurings section).
We maintain administrative, technical, and physical safeguards for the protection of your personal data.
Access to personal data is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support, or who service accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed.
These third parties are contractually bound by confidentiality clauses, even when they leave. Where an individual employee no longer requires access, that individual's credentials are revoked.
We store your personal data in our database using the protections described above. In addition, we utilize up-to-date firewall protection for an additional layer of security. We use high-quality antivirus and anti-malware software, and regularly update our virus definitions. Third parties who we hire to provide services and who have access to data are required to implement privacy and security practices that we deem adequate.
Access to personal data in our database by the Internet requires using an encrypted VPN, except for email which requires user authentication. Otherwise, access is limited to our physical premises. Physical removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.
We strive to collect no more personal data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
We will hold your personal data on our systems only for the minimum period required to achieve the purpose for which it is processed:
You have the right to information about whether and how we process your personal data, the right of access to your personal data, and the right to rectification and erasure of personal data or restriction of processing. You have the right to object to the processing of your personal data as well as the right to data portability. You also have the right to lodge a complaint with the supervisory authority. Where the processing of your personal data is based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. More details about your rights can be found in our General Privacy Policy.
You have the following rights regarding the processing of your personal data:
The fulfillment of data subject rights listed above will depend on the category of personal data and the processing activity. In all cases, we strive to fulfill your request.
We will action your request within one month of receiving a request from you concerning any one of your rights as a data subject. Should we be inundated with requests or particularly complicated requests, the time limit may be extended to a maximum of another two months. If we fail to meet these deadlines, we would, of course, prefer that you contact us to resolve the situation informally.
Where requests we receive are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) refuse to act on the request.
To exercise any of your rights, or if you have any other questions or complaints about our use of your Personal Data and its privacy, write to our Privacy Team through the most convenient channel below:
Email: dpo@GenDigital.com
By mail:
Avast Software s.r.o.
Pikrtova 1737/1a, 140 00 Prague 4, Nusle, Postal Code 140 00, Czech Republic.
Gen Digital Inc. – Privacy Team
60 East Rio Salado Parkway, Suite 1000
Tempe, AZ 85281
United States
As required under the GDPR, we have a data protection officer (DPO) to monitor our compliance with the GDPR, provide advice where requested and cooperate with supervisory authorities. You can contact our Group data protection officer via DPO@GenDigital.com
Name of the DPO: Pembroke Privacy Ltd
We reserve the right to revise or modify this Privacy Policy. In addition, we may update this Privacy Policy to reflect changes to our data practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.