Your privacy and preferences

The General Data Protection Regulation (GDPR) is the European Union (EU)’s new privacy law and governs the processing and protection of personal data. It is also being adopted by countries like the United Kingdom that have incorporated the laws into their national legal framework. It introduces new principles affecting the way that companies treat personal data of their clients and users.

The buzz online now is the expected changes the GDPR brings. The GDPR takes effect on 25 May 2018. Some of you may already have noticed new pop-ups on various websites or applications notifying you of changes to their privacy policies and asking you to review and acknowledge them. This is because of the GDPR.

The GDPR introduces several new principles to ensure we stay accountable to you, for example, privacy by design, which means we take privacy into account through the entire process of systems engineering. The GDPR also expands upon the rights you have as a data subject under data protection law, such as the right to access, erase, change your personal data, and expands upon them with the right to object to certain types processing, the right of data portability and the so-called “right to be forgotten”.

Your privacy is very important to us and we commit to ensuring the continuing confidentiality and security of all data we collect and process. We also require that all parties which have access to our data adhere to strict security standards and common industry practices. This protects your privacy, whether you are an EU resident or not.

Teams across our operations—legal, product design, marketing, project management and IT—have been hard at work reviewing our existing processes and practices to identify those areas where we need to implement changes. Based on this analysis, we are putting solutions into place and adjusting our internal procedures—all to ensure that we fully comply with the GDPR requirements.

Some examples include:

• Putting in place a new Privacy Preference portal, which provides our users with access to view and correct their data profile, and an overview of the specific consents they have given for products they use. Users can also download their personal data from our system.
• Appointing a Data Protection Officer to monitor our compliance with the GDPR, provide advice where requested and cooperate with the supervisory authorities. The Data Protection Officer can be contacted at: dpo@avg.com
• Coordinating with our business partners to ensure they comply with all applicable data protection laws, including the GDPR.
• Unifying the AVG Privacy Policy and keeping its new style in line with the legal requirements of the GDPR by ensuring it is transparent and easy to understand.
• Training our employees whose jobs relate directly to handling user data to ensure that they thoroughly understand their new obligations and responsibilities, so that they can apply these new principles to their everyday work.

You can find the specific terms in our End User License Agreement (EULA) for each product, the AVG Privacy Policy, and the updated Avast Privacy Policy.

When you purchase a product or service from the AVG, we collect data to process your payment, such as your name, email address, phone number, and credit card number. This is personal data that comes from you. This data is kept separate from the other data we collect when you activate and use our products and services.

When you activate and use our products and services, we collect data needed to deliver the product functionality or the service, such as information about your device, your network used to access the internet, your applications and other software programs running on your device, and websites you visit. We collect this data to provide anti-virus detection and prevention, help you manage system optimization, to provide technical support, and to provide the functionality of the product you have downloaded. We also use this data to measure the performance of the products and services.

For more details please view the AVG Privacy Policy.

We limit the collection and retention of your personal data to what is adequate, relevant and necessary for our legitimate purposes (“data minimisation”). This means that following the expiration of the purposes for which we collected your personal data plus any additional period that is permitted or required by law, such as records we keep for compliance with taxation laws, we will either delete or de-identify the information from our systems. You will find more information in the AVG Privacy Policy.

For our paid and trial customers and registered users, you will be able to log in to our new Privacy Preference portal with your email address, which will be verified, to review how AVG processes your personal data. To change how AVG uses certain data, you may access product settings via the downloaded app, including deleting or blocking your data from certain secondary uses.

Users of our free products and services and users of our mobile apps, whose contact details are not collected when downloading or activating the AVG app, will not be able to access the Privacy Preference portal because we do not have their contact details. However, you may still be able to modify certain data use settings in your downloaded applications via Settings to manage such things as how AVG uses your usage data for third party analytics. Please note, AVG does not use all usage data for secondary uses, so if you do not see a data choice in your product setting for third party analytics, for example, this means AVG is not using your usage data from that product for third party analytics.

Some uses of your personal data are necessary for the functionality of your product or service, for example, if you contact us for technical support, we need your email address to contact you. For antivirus detection and prevention to function, the software requires access to your device.

See the AVG Privacy Policy for a full list of data uses.

We store personal data that is necessary to run the downloaded software, to provide functionality, to handle billings and renewals, for security research, internal statistics, analysing business performance indicators and marketing our products.

When you purchase products or services from us, your billing data such as name, email address, phone number, and credit card number are collected by our third-party service provider.

For purchases of our business products, the service provider is acting as our reseller; thus, you will be making your purchase from the service provider directly, and not from AVG or the Avast Group. When you purchase a mobile product, your billing data is collected by the app store where you purchased the product, such as Google Play and iTunes app stores.

The handling and storage of your billing data will be governed by any privacy policy or terms of service published by the service provider. Your invoice will show the name of the third party who is processing your order. To review data held by a third party, please contact the third-party company directly.

In general, no. We collect only your data that is necessary to process your payment, for authentication of your account, or to provide you product or service functionality. We reuse some of your data only when it is compatible with the original collection, such as, for security research, system analytics, reporting on trends, in-product messaging, and cross-product development. However, if the processing uses personal data where we need your freely given consent, we will give you the details about the processing in the consent. You have the right to withdraw the consent and we will stop the processing based on this consent, however, the withdrawal does not affect the previous processing conducted before the withdrawal. An example of when AVG may ask for your consent is when you have signed up for an AVG event or competition and we want to re-use your registration photo when marketing future events or competitions.

When you purchase products or services, your billing data, such as name, email address, phone number and credit card number, will be collected by our payment partner to process your purchase.

When you purchase products or services, your data such as IP Address will be collected by Google Analytics to help us analyze and improve on the purchase process.

When you call technical support, your data such as email address will be used by our support partner to provide you assistance with your problem.

When we have a software bug, a software crash, or a network failure, your data such as IP Address will be used by third party analytics such as Google Analytics and Firebase analytics to help us understand the failure.

Our Privacy Preference portal provides an overview of the email and privacy preferences for products that we have connected to the email address used for login. If you would like to change the preferences you see there, follow the directions below.

To change email preferences, scroll to the bottom of an email received from AVG and click the Unsubscribe link.

To change privacy preferences, go to the settings of your AVG product and locate Privacy settings.

Our new Privacy Preference portal provides paid or registered users of our Avast, AVG, and HMA! products and services with an overview of their basic data profile and allows them to submit corrections to their personal data stored by the Avast Group. It also gives users an overview of the specific consents they have given for products they use and allows them to download their personal data in machine-readable format (.json).

The portal is available via your email. Please note, the portal is only available to those users who register their email address with AVG when, for example, activating a paid product or service. Users of our free products and services and users of our mobile apps, whose contact details are not collected when downloading or activating the AVG app, will not be able to access the Privacy Preference portal because we do not have their contact details.

If you purchased products from Piriform and want to learn what personal data has been collected by them, please contact Piriform Support.

On the Personal Data page, you can view personal data that we have connected to the email address used for login. In the Consolidated Profile section, you may enter and submit corrections to your data.

Please note that for technical reasons, the changes you made will not appear immediately. Status: in progress will appear until your corrections have been processed.

On the Personal Data page, click Export Data in the top right corner of the screen. Your data will be exported and downloaded as an .json file. (This will normally appear in your computer’s Downloads folder.)

Generally, in the Privacy Preferences section you will see four categories or purposes for which we process your data, for each product currently licensed to you. In some cases, the specific product you use does not process data in a way that falls into one or more of these categories. In this case, the category or categories which do not apply to your product will not appear.

If you have questions, or need help using the Privacy Preference portal, contact AVG Support.

For questions specific to your data or rights according to GDPR, AVG's Data Protection Officer can be contacted at: dpo@avg.com