This privacy notice sets forth:
Additional information on our personal data practices may be provided in special notices provided prior to or at the time of data collection.
Keep in mind that if you disclose to us personal data of employees or any other natural persons acting on your behalf or in cooperation with you, you have to inform them that we will process their personal data in accordance with this policy.
Generally, if your company or you directly (in case that you are a sole proprietor) contract with us to provide us with your products or services, or obtain products or services from us, such relationship requires processing of certain information for entering into contract, its performance and facilitating management of such relationship, including customer support.
On the basis of legal obligations, we process your personal data when it is necessary for compliance with our tax, accounting, anti-money laundering, or other legal obligations to which we are subject.
In addition, there may be other situations where we may need to process certain personal data in connection with operating our company, such as for public relations reasons or engaging in non-business communication. When we process personal data in this context we rely on our legitimate interest and other legal bases as stipulated below.
The relevant data subjects to whom the personal data processed by us relate, include employees and representatives of our business partners and other subjects, or, in case that you are a sole proprietor, of you personally.
The data processed for these purposes includes contact information, such as name, surname, title (position), email address, phone number, business and its seat, and other information relevant to the type of relationship with you, which may vary, such as, payment information, applicable rates, or discounts.
There may be special circumstances of processing applicable to the relevant category of business partners or other subjects which go as follows:
In order to sell our business-oriented products and services, we partner with resellers and distributors. If you are one of them, the following applies to you.
In addition to the data use described above, by acting as a reseller or distributor, you have access to and have all information linked to you recorded in your account in our databases. This helps Avast and you, in particular, with business management, deal registration and partner location, which is in our mutual legitimate interests.
You provide your personal data to us when you register as our partner through the Partner Portal. The information stored in our databases includes general identification and contact information we collect about our business partners in general (as described above), overview of communication and customer care cases, information about payments, lifetime value based on purchase, your credit with us (credit volume, available credit, etc.), applicable discounts, and preferences concerning newsletter subscriptions and Partner Locator participation (see below). Through our databases, we can also identify which license IDs relating to our products have been provided or sold by which reseller or distributor to sell. We also collect each registered and activated end user license key.
We have put in place a Partner Locator functionality, which allows our customers to find our reseller or distributor near them. The information published in Partner Locator includes business name and address and contact details, such as phone number and/or email contact. Participation in the Partner Locator is voluntary, and your data will not be published through Partner Locator if you have not granted your consent to such publication.
We also process certain service and device data for product and business improvement (i.e. business intelligence) to understand how you use our products, including websites, so that we can optimize and improve your user experience, as well as evaluate and improve our campaigns. We use necessary data to understand user conversions, acquisitions and campaign performance through various distribution channels, and users’ download, activation and interactions with our products. The insights that we learn in the process help us improve functionality, effectiveness, security and reliability of our current and future products and business activities. With respect to business intelligence, we rely on our legitimate interest as a legal basis for processing your personal data.
While we generally prefer using our own tools, we sometimes need to partner with other parties, which have developed and provided us with their own tools and expertise. If you use one of our products, you can find specific data used for product and business improvement and third-party tools used for this purpose listed under each product in our Products Policy.
When you decide to fill out a questionnaire or give us feedback in another form, we will use this information as a proxy for gauging the overall satisfaction with our products or services. We rely on our legitimate interest when processing your personal data for this purpose.
If you are our customer, or if you have subscribed to receiving commercial communication from us, we may send you newsletters or offers, which inform you of our new products and related opportunities. You may unsubscribe from receiving these newsletters and offers directly through the link in each email sent to you any time you want.
If your company or you directly (in case that you are a sole proprietor) use any of our products or services, it is necessary for us to process certain information to manage our business relationship with you. In addition to what is stated above, we may also process content of your communication with us. We process this data to be able to provide our products and services to you or your company.
In addition to the data use described above, you provide your personal data to us when you create an account for premium support. The information stored with the account in our databases includes general identification and contact information we collect about business customers in general (as described above), and contact details of persons entitled by you to premium support. Through our databases, we can also identify which license IDs relating to our products have been provided or sold to you.
Within our Customer Portal, you can decide to communicate with our chatbot, a service powered by artificial intelligence. We will process the information provided by you to respond on-the-fly to your questions and also to improve the chatbot, as it learns from your communication. The more questions you ask, the more helpful our chatbot will be in the future.
If you are our customer, or if you have subscribed to receiving commercial communication from us, we may send you newsletters or offers, which inform you of our new products and related opportunities. You may unsubscribe from receiving these newsletters and offers directly through the link in each e email sent to you any time you want.
We conduct activities in the area of public relations and associated external communications, through communication with journalists, media and other external communications concerning our activities or other events which are relevant or important to us.
If we process your contact information for these purposes, we use it to provide you in your capacity as a journalist or member or a representative of another media outlet to provide you with press releases, official statements or other similar information.
We conduct our other non-business communications for the purposes of organizing, carrying out, supporting and promoting our non-profit activities, supporting education and raising awareness about cybersecurity and privacy issues.
In this respect, we may use your personal data in order to contact you in connection with organizing and performing various types of events concerning these issues, such as workshops, seminars, panels or other educational or awareness-raising activities. We may reach out to you for this purpose if you are a member of a group or organization which concerns itself with these issues, an expert in the field or, a state authority which has granted its support to our activities, or, as the case may be, a school representative.
The sources of your personal data, including your contact information, other than the ones described below, may also include state authorities which have granted their support to our activities.
We gain your personal data described usually from communication with your company or directly from you, or from publicly available sources, such as company’s websites, if your company or you published this data for this purpose.
We do not take any decisions involving the use of algorithms or profiling that significantly affects you.
We only disclose your personal data within our group, with service providers that process data on our behalf and with public authorities, as required by applicable law.
If we disclose your personal data, we require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.
Such service providers may include in particular professional consultants (including for defense or exercise of our rights), and marketing/survey/analytics/software suppliers.
For partners and business customers, these are our long-term partners and their tools which we use to process relevant personal data:
Furthermore, if you use one of our products, you can find relevant third-party tools listed under each product in our Products Policy.
Sometimes service providers, such as professional consultants, will be independent controllers of your data and their terms and conditions and privacy statements will apply to such relationships.
In certain instances, it may be necessary for us to disclose your personal data to public authorities or as otherwise required by applicable law.
No personal data will be disclosed to any public authority except in response to:
Like any other company, we too go through our own cycle of growth, expansion, streamlining and optimization. Our business decisions and market developments therefore affect our structure. As a result of such transactions, and for maintaining a continued relationship with you, we may transfer your personal data to a related affiliate.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event, when applicable.
We are a global business that provides its products and services all around the world. In order to reach all of our users and provide all of them with our software, we operate on an infrastructure that spans the globe. The servers that are part of this infrastructure may therefore be located in a country different than the one where you live. In some instances, these may be countries outside of the European Economic Area (“EEA”). Regardless, we provide the same GDPR-level of protection to all personal data we process.
At the same time, when we transfer personal data outside of the EEA, we always make sure to put in place appropriate and suitable safeguards, such as standardized contractual clauses approved by the European Commission, to ensure that your data remains safe and secure at all times and that your rights are protected.
Situations where we transfer personal data outside of the EEA include provision of our products and services, third-party analytic tools and the provision of support services. Further, an outside-EEA transfer may also occur in case of a merger, acquisition or a restructuring, where the acquirer is located outside of the EEA (see the Mergers, Acquisitions and Restructurings section).
We maintain administrative, technical, and physical safeguards for the protection of your personal data.
Access to personal data is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support, or who service accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed.
These third parties are contractually bound by confidentiality clauses, even when they leave. Where an individual employee no longer requires access, that individual's credentials are revoked.
We store your personal data in our database using the protections described above. In addition, we utilize up-to-date firewall protection for an additional layer of security. We use high-quality antivirus and anti-malware software, and regularly update our virus definitions. Third parties who we hire to provide services and who have access to data are required to implement privacy and security practices that we deem adequate.
Access to personal data in our database by Internet requires using an encrypted VPN, except for email which requires user authentication. Otherwise, access is limited to our physical premises. Physical removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.
We strive to collect no more personal data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
We will hold your personal data on our systems only for the minimum period required to achieve the purpose for which it is processed:
The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house as well as third-party servers in the Czech Republic, in the United States, as well as anywhere we or our trusted service providers and partners operate.
In all cases, we follow generally accepted standards and security measures to protect the personal data submitted to us, both during transmission and once we receive it.
You have the following rights regarding the processing of your personal data:
The fulfillment of data subject rights listed above will depend on the category of personal data and the processing activity. In all cases, we strive to fulfill your request.
We will action your request within one month of receiving a request from you concerning any one of your rights as a data subject. Should we be inundated with requests or particularly complicated requests, the time limit may be extended to a maximum of another two months. If we fail to meet these deadlines, we would, of course, prefer that you contact us to resolve the situation informally.
Where requests we receive are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) refuse to act on the request.
To exercise any of your rights, or if you have any other questions or complaints about our use of your Personal Data and its privacy, write to our Privacy Team through the most convenient channel below:
We are registered as Avast Software s.r.o. and our registered address is Pikrtova 1737/1a, 140 00 Prague 4, Nusle, Postal Code 140 00, Czech Republic. You can always reach us by email at email@example.com.
Please type “PRIVACY REQUEST” in the message line of your email so we can have the appropriate member of the Avast team respond.
If you prefer, you can send paper mail to AVAST Software s.r.o., Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic. Be sure to write "Attention: PRIVACY" in the address so we know where to direct your correspondence.
As required under the GDPR, we have a data protection officer (DPO) to monitor our compliance with the GDPR, provide advice where requested and cooperate with supervisory authorities. You can contact our data protection officer via firstname.lastname@example.org.