1. Our Policy’s Aims
1.3 Personal data refers to any information relating to an identified or identifiable natural person (“data subject”), where this identification can be made directly or indirectly, by means of identifiers such as your name, identification number, email address, phone number, online identifiers such as cookies in some circumstances, your location, your genetic, economic, cultural or social identity or other information that is specific to you.
1.4 We do not mean information that only refers to a business corporation or organization. We also do not mean information that has been "anonymized," either by removing or de-identifying all specific identifiers. Anonymous data is not personal data when the anonymization is irreversible. When we refer to anonymous data, we mean data that cannot be reversed into personal data.
1.5 As a data controller, we commit ourselves to protecting the privacy of our website visitors and users of our products and services with respect to the processing of your personal data.
1.6 Where we collect and process your personal data, we will limit the collection and retention to what is adequate, relevant and necessary for our purposes and it will be kept in a form which allows for your identification no longer than necessary for the purpose for which we process your personal data. We refer to this as data minimisation.
1.7 Where we store your personal data for longer periods for statistical purposes, as permitted, we will use appropriate safeguards. Applicable law defines ‘statistical purpose’ as any collection of personal data, where the result of processing is for aggregate data, so the personal data we collect from you is anonymized or pseudonymized. For example, the processing of your personal data may be for the business-related process of counting users, products, sales and various metrics. We also share statistical data that has been anonymized and aggregated geographically and so, cannot be used to identify individuals, with third parties for trend analytics.
1.8 Our policy provides you with the legal bases for the collection of your personal data, lets you know how long personal data is stored and the reasons why, and how in some circumstances, they are necessary to retain. The length of this retention and how you may choose to request that we delete some or all your personal data and the consequences of the deletion are explained in this policy.
1.9 Some of the legal bases we rely on are contractual and service necessity, consent, legitimate interests and compliance with legal obligations.
1.11 We strive to keep the policy easy to understand and transparent, and so we refrain from technical information overload. If you wish to have further details on how we process your personal data, please contact us.
2. Talk to Us about Your Data
2.1 We try to ensure that the users of our products and services always have an open line of communication with us. You can contact us at any time if you any questions, queries or requests about your personal data and, if European law applies to the processing of your data, about your right to request access to, modify, remove or export your data, or object to our processing of your data. We appreciate if you reach out to us first before you approach any supervisory authorities or courts.
2.2 In order to make it easier for you to reach out to us and obtain the necessary information and action changes, corrections or deletions of your personal data, we have decided to provide you with a privacy preference portal.
2.3 Aside from the privacy preference portal, you can also submit your requests through more traditional channels. We will action your request within one month of receiving a request from you concerning any one of your rights as a data subject. Should we be inundated with requests or particularly complicated requests, the time limit may be extended to a maximum of another two months. If we fail to meet these deadlines, we would, of course, prefer that you contact us to settle the matter informally.
2.4 There could be instances where you are using our products or services, but we do not have your personal data, even though you have purchased our products or services. These include situations where you purchase our products from our service provider, a reseller, or an app store. Because your relationship in these cases is with that service provider, reseller or an app store, we do not actually have your personal data and will not be able to perform your request to access or delete your information. In such circumstances, please contact your service provider, reseller, or app store where you purchased the products or services, as this person is the primary controller of your personal data.
3.1 Online activities
Any personal data collected from you when you visit our websites or use our products or services
3.2 Phone contacts
Any personal data collected from you when you call us for sales, service, or customer support.
3.3 Offline contacts
Any personal data collected from you at a "live" or in-person event such as a trade show or promotion.
3.4 Reseller information
Any personal data, including contact information such as telephone number and email address, collected from Avast resellers or sub-resellers.
3.5 Other circumstances
Any personal data collected from you when you contact us by email or by clicking the "report a virus" link on our website or by requesting online service or support, or opening a support ticket, or through our media contact or news subscription services, or other occasions.
4.1 Third Party Sites
·Clicking on a thumbnail or profile link on our "Community" pages
·Submitting a search query
When you submit a search query via an app like AVG Secure Search or through Avast Secure Browser, you are indicating that you consent to having your search query and history transmitted to third party search providers and to being redirected to third party sites, where the privacy policies of the third parties apply.
·Third party links
·Third party privacy practices
5. Disclosing Your Personal Data to Third Parties
5.1 Disclosure to third parties
We are required to disclose your personal data to unrelated third parties in limited circumstances:
·where necessary to satisfy a legitimate government request or order;
·in compliance with a legal requirement by a court of law or in the public interest;
·in response to a third-party subpoena, if we believe on the advice of our attorneys that we are required to respond;
·if we obtain your permission; or
·if necessary to defend ourselves or our users (for example, in a lawsuit).
5.2 We are also required in a few limited situations to share our users' personal information with third parties. For example, if you request a specific service or product from us, and if that product or service is administered by a third party working for us, we may share your personal information with the third party to respond to your request. This third party may also transmit back to us any new information obtained from you in connection with providing the service or product.
5.4 We offer third party browsers to new users of certain products, such as our antivirus products. Whether you install the third party browser is in your discretion.
5.5 For certain mobile products, we offer third party ads. While we do not share your personal data with the ad network, data from your device including its IP Address, is used by the ad network to enable the delivery of the ads. If you do not want to view third party ads, you have the choice to change to a paid version of the product. If you are served a third party ad and you click on the ad, your data will be governed by the relevant third party whose ad you clicked on.
5.6 We reserve the right to store and use the information collected by our software. We may publish or share that information with third parties that are not part of the Avast Group, but we will only ever do so after anonymizing the data.
6. International Transfers of Your Personal Data
6.1 We are a global business that provides its products and services all around the world. In order to reach all of our users and provide all of them with our software, we operate on an infrastructure that spans the globe. The servers that are part of this infrastructure may therefore be located in a country different than the one where you live. In some instances, these may be countries outside of the European Economic Area (“EEA”), where the level of protection provided by the laws of these countries may be different than the high standard enshrined in the GDPR. Regardless, we provides the same GDPR-level of protection to all personal data it processes.
At the same time, when we transfer personal data outside of the EEA, we always make sure to put in place appropriate and suitable safeguards, such as standardized contracts approved by the European Commission, which legally bind the receiving party to adhere to a high level of protection, and to ensure that your data remains safe and secure at all times and that your rights are protected.
Situations where we transfer personal data outside of the EEA include provision of our products and services, processing of transactions and your payment details, and the provision of support services.
7. Sharing of Information among Avast Entities
7.1 Our data collection and management practices do not vary by location. We follow the same “data minimisation” procedure with respect to all personal data in our possession, regardless of the jurisdiction from which it was collected, and regardless of whether the data is transferred from one member of the Avast Group to another.
7.2 We reserve the right to store and use the information collected by our software and to share such information among the Avast Group to improve our current and future products and services, to help us develop new products and services, and to better understand the behaviour of our users.
7.3 Any reference in this policy to “Avast Group” means Avast, its, direct and indirect, parent companies and any company that is, directly or indirectly, controlled by or under common control with Avast or its parent companies.
8. Storage, Retention, and Deletion of Your Personal Data
8.1 Storage of Information
We store information that we collect on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf.
The data on our servers can only be accessed from our physical premises, or via an encrypted virtual private network (“VPN”). Access is limited to authorised personnel only, and company networks are password protected, and subject to additional policies and procedures for security.
8.2 Access by our contractors
We or our contractors, subsidiaries, affiliates, representatives, agents, or resellers who are working on our behalf undertake regular maintenance of your personal data. All third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information. This means your personal data cannot be shared with others, and there must be no direct marketing by the third parties.
8.3 Retention and Deletion of Your Personal Data
We retain and delete the various types of personal data we collect in compliance with the legal requirement that personal data be kept in a form that permits identification of our data subjects for no longer than is necessary for the purposes for which the personal data is being processed.
We will not keep your personal data in a form that allows you to be identified for longer than reasonably necessary with regards to the purpose for which the information was collected. We will also anonymize and aggregate data to the extent possible.
In general, we strive to delete or obfuscate Internet Protocol (IP) addresses within 60 days when the purpose for which they were collected has been fulfilled. We may retain online identifiers, location data and other personal data for statistical purposes as permitted under applicable law.
We may also amend the personal data we keep in such a way that you cannot be identified, for example, by hashing. We may retain a “key” to the hashing, but we will securely store it separately from the hashed data.
We will only keep your personal data for additional periods following the expiration of the purpose for which we collected it when permitted as compatible for our legitimate interests or required by law, for example tax, contract, secrecy or criminal laws. Otherwise, your personal data will be automatically deleted from our system once the legal basis for the collection and processing has been fulfilled.
If you are an active paid user, we need to retain your personal data for mailing or billing purposes. If you subscribe to a recurring newsletter, we will keep your information to continue to fulfil your subscription request. In the case of Avast Forum, Support Portal, or Avast news and blogs, your account data is kept active until you delete it.
If you participate in a giveaway or promotion that we offer, we will retain your data long enough to administer the promotion, plus any additional time that is permitted or required by law.
For the purpose of licensing products that are registered on a periodic basis, we will keep your personal data on the legal basis of contractual necessity for as long as you are actively using the product and thereafter for legal compliance. Thereafter, your personal data will be deleted.
9. How You Can Request Deletion
9.1 You may request Avast to delete your personal data by submitting a request ticket here. However, please note, if you have not registered your email with Avast before requesting deletion of personal data, we will not respond to you. We will not keep your email address if we do not have an email match in our system of registered users.
9.2 In some circumstances and to the extent permitted by law, for example, to provision the service or contract, for compatible use for our legitimate interests, under national tax, contract, criminal, or secrecy laws, we may retain your personal data despite your requests for erasure.
10. Effects of Request – How Long Before Deletion and Consequences of Deletion
10.1 Depending on what you request and how many requests we receive, it is possible for your requests to be actioned from within a day to three months. For example, paid, trial and registered customers may log-in to the GDPR portal to request a change of address and we will give effect to this typically within a couple days.
10.2 If you request the erasure of your data (“right to be forgotten”), we will generally action this within 30 days, which may only include a record in our system that once the legal basis for processing your personal data has been fulfilled, your personal data needs to be promptly deleted.
11. Data Security
11.1 Safeguards for protection of personal information
We maintain administrative, technical, and physical safeguards for the protection of your personal data.
11.2 Administrative safeguards
Access to the personal data of our users is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support to end users, or who service user accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave. Where an individual employee no longer requires access, that individual's credentials are revoked.
11.3 Technical safeguards
We store your personal information in our database using the protections described above. In addition, we utilize up-to-date firewall protection for an additional layer of security. We use high-quality antivirus and anti-malware software, and regularly update our virus definitions. Third parties who we hire to provide services and who have access to our users' data are required to implement privacy and security practices that we deem adequate.
11.4 Physical safeguards
Access to user information in our database by Internet is not permitted except using an encrypted virtual private network (VPN). Otherwise, access is limited to our physical premises. Physical removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.
We strive to collect no more personal data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
11.6 Notification in the event of breach
In the unlikely event of a breach in the security of personal data, we will notify all users who are actually or potentially affected.
We may tailor the method of notice depending on the circumstances. Where the only contact information that we have for you is an email address, then the notification will necessarily be by email. We may also elect to give you notice via our in-product messaging system. Where we believe there are affected users for which we have no contact information on file, we may give notice via publication on our company website.
We reserve the right to delay notification if we are asked to do so by law enforcement or other authorities, or if we believe that giving notice immediately will increase the risk of harm to our user body overall.
12. Other Jurisdictions
Residents of the Russian Federations
We collect and process personal data on the territory of the Russian Federation in strict compliance with the applicable laws of the Russian Federation.
We collect and process personal data (including sharing it with third parties) only upon the consent of the respective individuals, unless otherwise is provided for by the laws of the Russian Federation. You will be asked to grant your consent by ticking the respective box / or clicking “I accept” button or through similar mechanism prior to having access to the site, and/or when submitting or sharing the personal data we may request. We collect and use your personal data only in the context of the purposes indicated in the consent to processing of personal data.
We (directly or through third party contractors specifically authorized by us) collect, record, systematize, accumulate, store, actualize (update and amend), extract personal data of the Russian Federation citizens with the use of databases located on the territory of the Russian Federation, except as otherwise permitted by Russian data protection legislation. We may process personal data of Russian citizens using databases located outside of the Russian Federation subject to compliance with Russian data protection legislation.
We undertake all the actions necessary to ensure security of your personal data.
You are legally entitled to receive information related to processing your personal data. To exercise this right, you have to submit a request by e-mail at: email@example.com with the headline “PRIVACY REQUEST” in the message line.
You have the right to revoke the consent at any time by sending us an e-mail at: firstname.lastname@example.org with the headline “PRIVACY REQUEST” in the message line. Once we receive the revocation notice from you we will stop processing and destroy your personal data, except as necessary to provision the contract or service to you. However, please note once you have revoked your consent, we may not be able to provide to you the products and services you request, and may not be able to ensure proper work of our products.
We do not transfer your personal data to the countries that under Russian law are not deemed to provide adequate protection to the individuals’ rights in the area of data privacy.
We do not offer, sell or otherwise make available our products or services that have access to, collect and process (or allow us to do the same) personal data of third parties in the Russian Federation without the consent of such third parties.
If any provisions of this Policy contradict the provisions of this section, the provisions of this section shall prevail.
Your California Privacy Rights
13. Policy Changes
13.3 Where the changes are major, we will notify you by email if you have an Avast account or through posts on our website.
14. Contacting Us
14.1 We are registered as Avast Software s.r.o. and our registered address is Pikrtova 1737/1a, 140 00 Prague 4, Nusle, Postal Code 140 00, Czech Republic.
14.2 Dispute resolution
We make every effort to conduct our business in a fair and responsible manner. In the unlikely event of a disagreement or complaint about the way that your personal data is handled, please contact us.
14.3 Contact Details
·You can always reach us by email athttps://support.avg.com/en-usm. Please type “PRIVACY REQUEST” in the message line of your email so we can have the appropriate member of the Avast team respond.
·If you prefer, you can send paper mail to AVAST Software s.r.o., Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic. Be sure to write "Attention: PRIVACY" in the address so we know where to direct your correspondence.
15. Data Protection Officer
15.1 As required under the GDPR, we have a data protection officer (DPO)to monitor our compliance with the GDPR, provide advice where requested and cooperate with supervisory authorities.You can contact our data protection officer email@example.com.
What Happens to Your Data
Let us take you into the intricacies of what happens to your data. You may like to navigate directly to the sections as follows:
The personal data we collect may come directly from you or we may obtain it from other sources, such as our service providers and resellers.
We want you to understand the types of personal data we process and if we do not obtain your personal data directly from you, the source we used, and the specific data collected.
We collect personal data for these reasons: to process the purchase of a product or service; to provision the product or service to you; and for the legitimate interests of us. We use no more than the minimum amount of personal data needed for the processing. We also use personal data only when the processing is necessary for our or our third party’s legitimate interests.
When our use of your personal data is based on the legitimate interests of us and is compatible with the provision of service, you have the right to object. In some cases, you may exercise your right to object directly, for example you may unsubscribe to email marketing messages or you may choose to turn off data use in the applicable product settings; in other cases you may notify us hereand we will investigate the grounds relating to your particular situation.
Avast is a global business and we have operations and personnel around the world who process personal data. We have standard contractual clauses in place among its affiliates which govern the transfer and use of personal data.
In the following sections, we explain the personal data we collect. Please be mindful that some of the categories may collect the same personal data.
B. Choice and Portal
You can make certain choices about how your data is used by us. For example, if you have purchased a product or service from us, you will be able to choose how data collected from you is used. This choice is made in the relevant product settings. Please note, if you purchased a product from us and in your product settings you do not see one or more of these choices, it means your collected data is not being used in that particular category. The choices are:
·Cross-product direct marketing: – when we offer you another product from a company within our group.
·Cross-product development – when we collect data from one product and use it for the development of another product.
·Third Party Ads – when we offer any third-party products.
·Third party analytics – when we share your data with a third party for analytics, such as purchase optimization, crash reporting, and trend analytics. Note, all free users and paid customers can choose to turn of this feature.
We have a portal where we will show you the Billing Data (defined below) and Account Data (defined below) we have collected from you as well as your email preferences. In general, only Billing Data and email addresses collected directly by us, AVG, and HMA!, will be currently available for viewing in the portal. If you purchased CCLeaner products and want to see the Billing Data collected from you, please contact Piriform here.
Likewise, if you purchased our products from a reseller or a distributor (e.g. business products) or you purchased a mobile product from an app store (e.g. Google Play or Apple App Store) we will not display your Billing Data in the portal because we do not have it; the reseller, distributor, or app store does. You would need to request a view of your Billing Data from your reseller, distributor, or app store. Also, for the Billing Data that we do collect, as we store it and use it separately from your Service Data, we will not display any of your Service Data in the portal.
If you have purchased a product directly from us, through one of its third party service providers, or you have requested support from one of our technical support providers, or you have registered an Account with us, you will need to use the same email address you previously provided us to login to the portal. If you have never purchased a product or provided us with your email address (e.g. you are a free user, a mobile user, or a mobile paid customer), you will not be able to access the portal, because we do not have any Billing Data or email address collected from you.
The portal is for your convenience only. It is generally read only. This means, you are able to see your choices but not able to edit your choices in the portal. To edit your choices, you need to do so in the applicable product settings.
Paid Products and Services for your personal computer
When you purchase "premium" or pay for products or services for your personal computer, the billing is handled by a third-party service provider. The service provider is acting as our agent; thus, you will be making your purchase from the service provider directly, and not from us.
If you purchase a "premium" or paid product or service, we, through our third-party service providers, will collect your name, email address, credit card number, and in certain circumstances, your billing address and your phone number (collectively “Billing Data”). Your Billing Data will be retained for as long as is necessary to complete payment, including any renewal periods.
Your Billing Data is collected by our third-party service providers only where necessary for the purposes of processing or refunding your payments, or so that they can communicate with you. Your Billing Data may also be retained for legal reasons, for example, taxation.
The third-party service provider may transmit your Billing Data (excluding credit card number) to us. We use the Billing Data to create a record of its software installations or service requests.
We may process and store the Billing Data we receive, to verify your registration or license status, to contact you about the status of your account, or for renewal of your subscription, if applicable. We process the Billing Data as necessary for the provision of the contract and service.
In all cases where your credit card number is processed by a third-party service provider, we have determined that the service provider follows data privacy and security procedures that we deem adequate. Some of these third-party service providers are subject to the enhanced data privacy rules of the European Union. Others have self-certified annually to comply with the EU-US Privacy Shield or the Swiss-US Privacy Shield.
In all cases such third-party service providers have executed agreements with us promising not to use your personal data for their own marketing purposes, and not to share this information with other parties for their unrestricted use.
We store your Billing Data separately from your Service Data (defined below).
We may change service providers as we carry out our business. In that case, your Billing Data will be transferred from one service provider to another. When this happens, you will be informed of such transfer.
Paid Products and Services for your mobile device
When you purchase "premium" or pay for products or services for your mobile device, the billing is handled by a third-party app store, such as Google Play and Apple iTunes. You will be making your purchase from the third party app store directly, and not from us.
Your Billing Data is collected by the third party app store and your Billing Data is not shared with us.
Paid Products and Services for your business
When you purchase "premium" or pay for products or services for your business, the billing is handled by our reseller or distributor. You will be making your purchase from the reseller or distributor directly, and not from us.
Your Billing Data is collected by the reseller or distributor. Your Billing Data, excluding your credit card number, may be shared with us. We use the Billing Data to create a record of the software installations.
We may process and store the Billing Data we receive, to verify your registration or license status. But, generally, we will not contact you. Your reseller or distributor will contact you about the status of your account, or for renewal of your subscription. We process the Billing Data as necessary for the provision of the contract and service.
In some instances, we change resellers or distributors as we carry out our business. In that case, your Billing Data will be transferred from one reseller or distributor to another. When this happens, you will be informed of such transfer.
What about Free Products?
You are not required to disclose Billing Data to download our free products and services for your PC and mobile device, which includes free AntiVirus, free mobile security, and free CCLeaner for desktop. However, our free CCLeaner cloud product does require you provide your name and email address to register for the product.
We directly or through our third party technical support service provider(s) collect your name, email address, phone number(s), home or work address, or other information by which we may identify you while providing technical support. We need this data for verification and to communicate with you about your support request.
In cases where you request individual support or assistance we may ask you to provide information about your device or computer, your means of accessing the Internet, or information about your internet service provider. To provide the technical support we also collect data that may include your email address, IP Address, information about your hardware and software, the URLs of sites you have visited, files stored on your computer (including potentially dangerous or infected files), email messages (whether stored on your computer or elsewhere), information regarding senders and receivers of email messages, and the like. If you request support, we may offer you the option of accepting a remote session in which we take control of your device or computer in order to help you resolve the issue.
Information collected while providing the support will not be used for secondary purposes, other than, we may use your email address to send you information about other us products or services. If you contact us for support, we may suggest that you upgrade or update products or services. Information and data connected to provision of support will be retained by us to have a history of support requests and for support research purposes.
When we collect your email address, we may market our other products and services to you. You may choose to unsubscribe from future email marketing by following the instructions in the email.
Generally, we do not serve third party ads in its products for the personal computer. We may serve third party ads in its free products for mobile devices.
To be able to offer you our services for free, we show third party ads within your mobile apps through popular ad networks, such as Google's AdMob, Twitter’s MoPub, InMobi and Facebook Audience Network. We display an AdChoices logo on top of every ad. You can tap the icon to learn more about the ad network and find options for personalization through that network.
To enable the ad, we embed a third-party software development kit (SDK) for these ads. The SDK code is provided by third party ad agencies or networks.
Data of our free mobile users remain anonymous to us and to the third party ad agencies. However, the ad agencies’ SDK code will collect data to build profiles to tailor ads to you. The SDK may collect information such as the third-party apps you installed on your device, your Android advertising identifier, your IP Address, your device's operating system details and MAC address, and other statistical and technical information.
If you do not want to view third party ads, you may uninstall the free mobile product and/or choose an available paid version of mobile products, which do not serve third party ads.
The GUID is a randomly generated number that we assign to each installation of software. For paid customers of products and services for your personal computer, the GUID is connected to your Billing Data. For free users of products and services for your personal computer and your mobile deice, and for paid customers of business and mobile products and services, as there is no Billing Data collected by us, the us GUID is disconnected from personal data.
We use common information-gathering tools, such as cookies, pixel tags and Web beacons, to collect information about your general internet usage. When you visit our websites, a cookie file is stored on your browser or the hard drive of your device. Technologies such as: cookies, beacons, tags and scripts are used by us and our marketing partners, affiliates, or analytics or service providers (e.g. payment processor, etc.). These technologies are used in analyzing trends, administering the site, tracking your movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. You authorize us and agree that we may place cookies or tracking technologies on your device.
Across all of our websites, we may use the following cookies or tracking technologies:
analytics & tracking
analytics & tracking
analytics & tracking
analytics & tracking
Visual Website Optimizer
analytics & tracking
analyticst & tracking
Please note that not all of our websites use all of these cookies.
We collect your IP Address to provision your product or service. We also use the IP Address with mobile products to serve ads. We strive to replace your IP Address within sixty days of collecting it with your city and country or we hash your IP Address.
We sometimes communicate with you using a technique known as "in-product messaging." In-product messaging may be used in the following scenarios:
·when your license is about to expire;
·when you update or upgrade an us program;
·when a virus database is updated;
·when you visit an infected webpage;
·when a monthly security report is prepared for you; or
·in other cases where user communication is necessary for provision of our products or services.
We also use in-product messaging to notify you of different products or upgrades to existing products and services. Data used for in-product messaging is connected to the GUID for in-product messaging to function. For free users, this data remains anonymous and for paid customers, the data is pseudonymized.
Billing Data is however not used for in-product messaging. In-product messaging also permits your computer or device to transmit information to our servers including technical data, virus definitions, security, and technical information about your hardware.
The data may be used to offer you a discount on a new product based on your past purchases. Data is also used for analytical and statistical purposes, product updates, quality control, and in-product and feature design. Premium or paid customers can manage In-product messaging for marketing purposes in the applicable product settings.
Service Data is collected from your use of our websites, products, and services.
Service Data is used primarily to provision the products or services. Service Data is also used for the compatible and legitimate uses of research, to compile statistics, analytics, aggregated reporting, product development, In-product messaging, and direct marketing. Before Service Data is used for secondary purposes, us pseudonymizes or anonymizes the Service Data.
For all Service Data,we practice “data minimization”, which means we limit our collection and retention of your data to only what is necessary, adequate and relevant to achieve our processing purpose.
Below we list our products and the Service Data that each collects. There may be other products (current or future) that require us to collect certain types of personal data to enable full product functionality. We will always inform you prior to collecting any such information, usually in the terms of service or end user license agreement (EULA) or the privacy notice applicable to the product or service. Personal data collected as part of Service Data is necessary to the provision of the product functionality. When personal data is no longer needed we limit or stop using it in line with the minimization principle. For example, your email, the URLs of websites you have visited, your files, are scanned for malware detection and protection; then we remove your email address and other personal data or we hash any identifiers turning the Service Data into pseudonymized or anonymized data for paid users and anonymized data for free users before we re-use the Service Data for research, analytics, statistics, reporting, cross-product development, in-product messaging, and marketing..
The primary processing of Service Data will be to perform the contract to provision the product or service to you. The secondary processing of Service Data will be as compatible for the legitimate interests of us to provide you the benefits of research, analytics, cross-product development, and cross-product in-product messaging. If we need to process your Service Data for a purpose that requires consent, we will notify you separately of this and the general rules of providing and withdrawing consent shall apply.
Website Log Files
We collect the information in the form of server log files that tell us generally about the visitors to our site, which may include general geographic regions, length of visits, the webpages you request, the URLs of the site you were viewing before clicking on our websites, your IP Address, cookies, the type of web browser and operating system you are using, click-stream data and so forth.
If a user downloads a product from our website, we connect the installation GUID with the user’s website log. We use this information to fulfil our legitimate interests, which are to analyse overall trends, administer our webpages, track users’ use of the webpages, help us improve our website(s), and to better understand the users’ experience on our website(s) when downloading and activating our products.
Device and Network Information
We may collect information about the computer or device you are using, our products and services running on it, and, depending on the type of device it is, what operating systems you are using, device settings, application identifiers (AI), hardware identifiers or universally unique identifiers (UUID), software identifiers, IP Address, location data, cookie IDs, and crash data (through the use of either our own analytical tools or tolls provided by third parties, such as Crashlytics or Firebase). Device and network data is connected to the installation GUID.
We collect device and network data from all users. We collect and retain only the data we need to provide functionality, monitor product and service performance, conduct research, diagnose and repair crashes, detect bugs, and fix vulnerabilities in security or operations (in other words, fulfil our contract with you to provision the service).
We also use your device and network data for in-product-messaging and cross-product development. Premium or paid customers can manage in-product messaging for marketing purposes and cross-product development in the applicable product settings.
We collect information in the form of statistics through our own or third-party analytics about which apps have been installed or uninstalled, how they are used, the number of active users, and the impact apps have on device performance and battery consumption (collectively, “AppInfo”). From this we study device and network behaviour, purchasing history and trends to measure the relative success of our products over time (in other words, serve our legitimate interests).
Analytics and Crash Reporting
As regards crash reporting, we currently use two crash reporting services on our mobile applications: Firebase Crash Reporting provided by Google and Fabric Crashlytics provided by Twitter, Inc. To enhance your user experience and to improve the stability of mobile applications, us uses crash reporting services to collect information about the devices that you use and your use of our applications (for example the timestamp of when you launched the application and when the crash occurred) which enables us to diagnose and resolve problems. This allows us to deliver to you stable, functioning services (perform our contract with you) and improve our applications in the future (serve our legitimate interest). If you do, however, wish to opt-out of this data collection via Firebase Crash Reporting and Fabric Crashlytics, you can do so via the application settings in our mobile applications. The data collected will be transmitted to and stored by Google (Firebase Crash Reporting) and by Twitter (Fabric Crashlytics) on servers globally.
Specific products for your PC collecting your Service Data
Avast and AVG AntiVirus & Internet security products & services
Our AntiVirus and Internet security products require the collection of usage data to be fully functional. Some of the usage data we collect include:
·potential malware threats to your device and the target of those threats, including copies of files or emails marked as potential malware, file names, cryptographic hash, vendor, size, date stamps, associated registry keys, etc.;
·information about how you use our products and their features, including data about your particular device, installation and uninstallation rates, language, technical parameters and manufacturer of a device, device security information (password attributes, encryption level), etc.;
·information about where our products and services are used, including approximate location, zip code, area code, time zone, the URL and information related to the URL of sites you visit online; and
·we collectively call this information “Clickstream Data”
We use this Clickstream Data to provide you malware detection and protection. We also use the Clickstream Data for security research into threats. We pseudonymize and anonymize the Clickstream Data and re-use it for cross-product direct marketing, cross-product development and third party trend analytics.
Avast CommunityIQ is a threat monitoring service. Information about a threat detected in your computer is sent to our server, so we can observe how the threat spreads and block it. This is vital for the functioning of your computer.
When you download our products and services, you will automatically be opted into us CommunityIQ, and your computer is able to provide security-related information when needed. You may choose to opt out via product settings. By remaining in us CommunityIQ, you actively help yourself and others in the Avast community to experience a higher standard of security.
Our security experts process the data acquired by us CommunityIQ to update our databases of viruses and infected websites, and for historical and statistical purposes to understand where the threat is coming from, the levels of threat per country, how many persons visited the malicious website and the number of people we protected. We process your personal data for the purposes of AntiVirus functionality and to protect you.
The data is collected from your entire submission process online. For both desktop and mobile users, this includes URLs of visited websites, IP Addresses, approximate geolocation of user or Internet Service Provider (ISP), device IDs together with the information on the nature of the detected threat. We collect this information to ascertain the source of the infection.
Geolocation gives the approximate location, for example, the latitude and longitude of the IP Address. However, if you access a malicious website while using Wi-Fi, then your IP Address can be location data. Depending on your ISP, your IP Address may indicate an exact location or the location of the ISP office or your location at a country level.
For desktop users, we also collect:
·Information and files (including executable files) on your computer identified by our software as potentially infected, together with the information about the nature of identified threats; and
·Information about the sender of suspicious files or malware and subject of emails identified by our software as potentially infected, as well as the nature of identified threats.
Avast File Reputation Service
FileRep is a database of executable files sourced from users who participate in the service. The files (or their hashes, that is, de-identified versions of the files) are stored and evaluated for the purpose of determining which are infectious and updating virus databases.
Your participation is voluntary, and the data is stored in a way that limits its potential to be associated with individual users, for example, by hashing so the data is anonymous. This means it can be personally identifiable data if reversed by a “key”. However, the risks are lowered. In participating, you actively help yourself and others to experience a higher standard of security.
If you do not want to participate, you can opt-out by unticking the box ‘Enable reputation services’ in the general settings menu.
CyberCapture is a feature in us AntiVirus that detects and analyses rare, suspicious files. If you attempt to run such a file, CyberCapture locks the file from your PC and sends it to the our Threat Lab where it is analysed in a safe, virtual environment. You are notified when the analysis is complete.
Currently, CyberCapture triggers when you run or download suspicious files from the Internet that CyberCapture has not previously encountered. We plan to expand this condition in the future to cover more sources.
CyberCapture is able to handle large files, but it may take longer to deliver such files to the Threat Lab. All files are uploaded over an encrypted connection, which means your data is inaccessible to hackers.
When CyberCapture is enabled, we collect information about you, your device IDs, your operating system, for example, whether you are using Windows 10 or XP, and we know your approximate location, usually at the country level.
CyberCapture is enabled by default in the latest version of us AntiVirus. We strongly recommend that you keep CyberCapture enabled. If you would like to disable CyberCapture, open the product user interface and go to Settings.
CleanUp is offered as a Windows program. It removes unneeded files, registry entries, broken shortcuts and other similar items. It also provides system tuning features like program deactivator. For it to function, we process and store the following:
·originating IP Address; scanned systems history including data about operating system, patch level;
·system health, hardware information (including CPU), graphics card information, hard drive information;
·system data information, which is a list of computer software installed, directory listing of software, registry name and entries, registry hives and executables; and
·other operational data, for example, errors and error messages.
We use this data for operational purposes, and to provide you with a fully functional service.
Avast Secure Browser
In the default setting, our Secure Browser will process:
·your IP Address;
·the GUID number assigned to your installation of the Browser;
·cookies usage data; and
We use the data we collect to provide the Browser’s functionality, to monitor performance and to improve our services. You can access and manage key privacy features from the Secure Browser’s settings:
Browser Security & Privacy Center
The built in Security & Privacy Center is a curated collection of some key security and privacy features, tools and settings, organized into one management console making it easier for you to control and manage your online privacy and security.
This blocks malicious websites and downloads to help prevent your personal computer (PC) from becoming infected with viruses, spyware, and ransomware.
This cleans your browser history, cached images, cookies including both first-party and third-party cookies, and other junk with just one click, to keep your activity private and free up disk space.
This prevents your browsing history from being stored and removes any tracking
cookies (both first-party cookies and third-party cookies) or web cache you pick up during that browsing session.
Avast Secure Browser will also process the following data locally on your PC:
·your browsing history;
·personal information and passwords;
·a list of permissions;
·thumbnail-sized screenshots of websites that you visit;
·cookies or data from websites you visit;
·data saved by browser extensions and add-ons;
·data on what you downloaded from websites;
·data imported from other browsers; and
You can manage the data stored locally on your machine in the Browser settings. Data stored locally on your machine is not collected by our servers.
You can manage this information in several ways:
·you can delete your browsing history, cookies and site data by visiting the Security & Privacy Center and using the ‘Privacy Cleaner’ tool;
·you can stop us Secure Browser from accepting cookies from publisher websites by ensuring that ‘Anti-Tracking’ is turned on from within the Security & Privacy Center;
·you can modify the cookie setting policy under the us Secure Browser Settings by going to Settings/Advanced settings/Security & Personal Privacy/Content settings;
·you can review stored passwords using the Secure Browser default password manager in us Secure Browser Settings. Go to Settings/Advanced settings/Passwords and forms/Manage passwords; and
·you can view and manage your stored Autofill information in us Secure Browser Settings. Go to Settings/Advanced settings/Passwords and forms/Autofill settings.
Avast Passwords is a feature that stores user passwords and notes under a single master password or fingerprint and permits the user to log on to multiple sites using a unitary sign-on credential.
On Windows, us Passwords forms an integral part of us AntiVirus, which can be activated by the user by either performing a smart scan or by opening the feature in the product menu. On other platforms (Android, iOS and Mac) Passwords is a standalone program.
When activated, Passwords will check whether you have stored any passwords via your browser and will suggest you move these passwords to Passwords, so they can be stored securely.
When you choose to do so, Passwords will upload these passwords and remove them from your browser. Please note that the browser check happens locally on your device and none of your passwords are sent to our servers.
Your passwords and other personal data are stored locally on your devices and encrypted by the Passwords app.
However, when you choose to activate the optional feature "Synchronisation & Backup" to synchronise and backup your passwords across all your devices, you are required to create an account. Your personal data, that is, your passwords and notes, which may include credit card details, will be backed up on our remote server in a securely encrypted form, readable only via a “master key” on your device. Thus, it cannot be decrypted by us.
The data collected by us Passwords is necessary to provide the product functionality.
Antispam is a product functionality that is designed to protect you against unwanted emails (spam). The software may collect information contained in emails reported by you as spam or identified as spam by a third-party tool (Mailshell). When you report an email as spam, the email is sent to the third party. Your consent is required for each of these submissions if you use the default setting.
We do not collect, use or store your personal data. We do not share your software or device ID or any us generated ID with the third party. In general, Mailshell does not have information about individual us users or devices and is not able to connect any information to you. If you wish to know in detail what data Mailshell collects from you, please go to their website.
When you use SafePrice, information related to certain shops or products, URLs, the installation GUID, a timestamp of the offer, purchase, product name and number, merchant’s name, product links, prices and the categories of your purchased items, location at country level will be collected or transferred to us.
This information is used to retrieve available offers, for example, coupons or cheaper prices from third parties partnering with us. We request offers anonymously from those third parties and will not transfer or disclose your personal data to them.
At this stage, you do not communicate with the third party, only with us, and we do not forward any information to the third party except your country level geolocation and language. We do not give them your personal identifiers, so no emails and no names.
In the end, you buy directly from the seller. We do not have access to your credit card details as you deal directly with the third-party companies.
Avast BackUp provides backup and storage capabilities for personal data that otherwise would reside only on your computer's hard drive. For us BackUp to work, data on your hard drive must be transferred to a centrally hosted site so that it can be "backed up."
If your hard drive contains personal information, that information will be transferred to the host site for storage and subsequent retrieval. Techniques used to protect this information during storage and transmission are described below (create link to Storage, Retention and Deletion of Your Personal Data).
Service Data specific to CCleaner Desktop Apps and Other Products
All Piriform desktop apps receive usage data via log files. We collect usage data such as your device ID, your browser type and version, your operating system, your IP Address and information on software you have installed as necessary for the functioning of your Piriform desktop apps and to check if you qualify for any installer or in-app promotions we may market. The collecting and processing of your usage data is automatic once you install the app.
CCleaner for Apple Mac cleans and de-clutters your hard drive, makes your operating system run faster and helps make your browsing on the internet more private and secure.
Recuva is a windows app that allows you to search your hard drives and USB drives and recover any deleted files (if deleted with standard windows deletion).
Defraggler allows you to optimise your older hard drives so they run faster.
Software as a Service (SaaS) Product
SaaS products allow you to connect to and use cloud-based apps via the Internet.
CCleaner Cloud is offered as both a free and paid version. The platform allows users and businesses to remotely manage their computers centrally from the platform.
For free users, we collect personal data including your name, email address, IP Address and computer events, for example when you install software. This data is necessary to provide and improve our services by connecting this data with the usage logs. For Professional and Business users, we collect the same personal data as for the free user and additionally, we may collect your company name, billing information and mobile number. The data is necessary to complete the contract when you subscribe to our services.
CCleaner Network is a business-only product that is installed locally on your server and allows you to manage and clean your company’s computers. We do not receive any data as this is a local-only closed network product.
Service Data Specific to Your Mobile
Avast and AVG Products & Services
In the sections below, we look at what data is collected when you use AMS, AVG AntiVirus and AVG Protection for Xperia, in addition to variations of these apps developed specifically for tablets or alternative app stores.
When you first run these apps following installation, you have the option to subscribe to use the paid version. If you stay on the free version, we will serve third party ads; if you do not want to view third party ads, you may choose the paid version. Whatever your choice, your service data is not connected to your Billing Data, because there is no Billing Data for free users and for paid customers, as described above, your Billing Data is collected only by the app store where you purchased the product.
If you use the free version of our apps, the services are supported by third party ads. Choosing to install the free version means data such as your IP Address will be provided to the third party ad server.
In some instances, Avast Mobile Security (AMS) or AVG AntiVirus may come preinstalled on your mobile device upon purchasing it from the store and you can deactivate them within the product Settings – Personal Privacy.
Web Shield Lite is on by default and is only effective on some browsers and Android operating system versions. When enabled in a supported configuration, the app reads URLs from the browser in realtime and sends them to our server via the URL information service. We check the URL against our database of known threats and then display an alert if the URL is a known threat.
Web Shield with Accessibility is off by default. You need to grant Accessibility permission to activate this feature. While it is the same service as Web Shield Lite, it is capable of checking URLs in more browsers and operating systems. The list of supported browsers and operating systems sometimes changes due to the development of or changes to third party services.
We may use anonymous browsing data for third party trend analytics. All users may turn off data sharing in product Settings – Personal Privacy.
Avast AntiTheft for Android
AntiTheft is a function within AMS. It is off by default. When you choose to turn it on, you can request location on demand frommy.avast.comor through SMS commands from another phone. AntiTheft is designed to protect data residing on your mobile phone in the event of theft.
For AntiTheft to function, we must collect and store information about your phone and its approved users. The types of data we collect include the following:
·a list of approved SIM cards;
·a phone number to notify you in the event of unauthorized SIM card replacement;
·a number where calls and messages can be forwarded in the event of theft;
·your mobile’s unique identifier or International Mobile Equipment Identity (IMEI) when you activate AntiTheft.
We use this data to locate and identify your lost device, and to help you report the lost device to police and cell phone carriers. If the phone was stolen, it may block the thief from using the device. The collected data is used to provide you the functionality.
Last Known Location is a feature within AntiTheft, also off by default. When you activate the feature, we send more frequent location updates to the server to help you track your device's last known location.
Avast Call Blocker
Call Blocker is a feature of AMS which allows you to block unwanted callers. It is off by default. When on, we build a database of SPAM callers by analysing patterns of high volume callers across our user base.
When you (an AMS user) call a third party, or a third party calls you, we will have the following record in our database: the third-party phone number, the time of the call, and an anonymous key code number assigned to this particular record. This allows us to count the number of calls made to a specific recipient in order to evaluate whether the call is a spam or not. Your GUID is disconnected from this data.
We do not collect the phone numbers of our users. Therefore, the data we collect from you is anonymized and we are not able or intending to trace the call record to you.
However, we are able to see the phone numbers of third parties who called our AMS users in general or which phone numbers were called by our AMS users.
The purpose of this data collection is to identify high volume callers; therefore, we look at aggregations, not at individuals. You may shut off this feature in your discretion via the product Settings.
Avast Wi-Fi Finder
Avast Wi-Fi Finder for Android provides information about free hotspots. It is based on crowdsourced data, meaning that every user has to willingly contribute to the database.
We use the data collected for sharing with other us Wi-Fi Finder users. You may turn off data collection by not using the WIFI sharing feature. We collect this data:
·the location of the device when you use “submit a hotspot”;
·names of hotspots you submit to the database;
·some technical information about the network (speed, signal strength, security assessment, and frequency
·mac address and IP Address of the device;
·us install GUID and hardware identifier; and
In some Android versions, we need your location permission to scan Wi-Fi networks for security threats. Any time we’re given the location permission, we may use it to refine our databases of Wi-Fi networks, including the locations of Wi-Fi hotspots and dangerous networks.
Avast Battery Saver
us Battery Saver is an app that helps you monitor what apps are running in the background, speed up your mobile device, and save the battery. We collect AppInfo for the purpose of delivering this feature.
Battery Saver has a functionality, Smart Profile that can switch your device setting automatically to preserve the battery upon an event you set up, for example, when you come home. In doing this, you have to reveal your location Wi-Fi or give us permission to use your Android mobile operating system’s location so that the event can be triggered. This data is stored locally on your device and is not transmitted to us.
Smart Profile is enabled by default, but you may disable this via product settings.
We use us ApkRep to build a database of Android apps sourced by users of AMS. We collect and store hashes of app files together with the installation GUID, as well as metadata about the apps (e.g. application package name, application signing certificate information, source market identifier and file size). We process this on the legal basis of our legitimate interests in analysing your data to find infectious apps and to update our virus databases, which is necessary to continuously improve AMS to keep you secure.
Avast Android CleanUp, AVG Cleaner, AVG Cleaner for Xperia, and CCleaner for Android (Piriform)
Avast Android CleanUp, AVG Cleaner, AVG Cleaner for Xperia, and CCleaner for Android (Piriform) access your device storage to delete data that is not in use. You will be asked to allow your Android operating system to access your device storage. The feature sees what’s in your device, for example the apps and files you have downloaded, ranging from your music playlist to photos. However, everything takes place locally on your device and nothing is transmitted to our servers.
Since we do not collect or store any personal data, any data collected is anonymous.
Avast Family Shield
Family Shield is a location-based mobile phone application service. The master user installs the application on his/her device and then also on the device of a connected user, for example a child. The application collects users’ telephone numbers, location of mobile device, location-based information, website domains, and app usage history, to provide the requested service. One of its features is for the master user to know where a connected user is (for example, using the application, a mother or father can connect their device with the device of a child or parent and then see where their child or parent is located). Another feature allows the master to set parameters that will block or permit specific websites, and/or applications from running on or from being collected from the connected user's device. This application also provides the master user with the battery level of the connected user's device. Login is managed using Facebook login, but we use the Facebook login information only for authentication. We do not collect any information regarding your Facebook account beyond this authentication. We use the data we collect in order to deliver the Family Shield functionality (perform the contract we have with you).
Avast Mobile Campaign and News Feed
From time to time, we will run mobile campaigns. The goal of our campaigns is to show messages to you to promote various features of our apps and offer discounts on paid features. We use three kinds of messaging formats:
Here are some examples of general events which we use to trigger messaging:
·Seasonal events (such as national holidays)
Each app can also define its own events, for example:
·AV scan threats found
Apart from campaigns, when you use our apps on your Android, you will receive news feed from us, for example, once you complete a virus scan or CleanUp process, you are directed to a result screen that offers a Facebook-news-feed-like experience.
Each feed has multiple cards. You can scroll the feed vertically. Each card has its own function. We may offer information or tips, promote our apps or guide you to a screen, application, Google Play or web page when you tap on the card. We also display third party advertisement cards to free users.
We use our servers to download relevant content for you, so we will transmit some of your data in the request, for example, your hardware ID, the install GUID, and device information like language, vendor, model, and android version. Your data is used to deliver content, which is relevant to you.
AVG Alarm Clock, Open Weather and Taboola
AVG Alarm Clock
When you install Alarm Clock, which is an app that you can set to wake you up, you will also receive by default, weather (via Open Weather), news (via Taboola), and third party ads via regular ad SDKs.You may opt out of receiving news and weather reports via Settings – My Day Dashboard.
Through Alarm Clock, we collect and process anonymous statistical data in our own analytics system and we share pseudonymized or anonymised data with third-party analytics and crash reporting (create link to document, Cookies and Other Similar Technologies). We collect only the personal data necessary for us to enable our third-party providers to send you relevant information. You may opt out of third party analytics through Settings – Personal Privacy.
You receive weather information from Open Weather, our third-party service provider. This service is on by default and we share your approximate location data, so you will receive relevant weather forecasts, for example, East Coast, USA. However, if you wish to have the weather forecast for a specific location, for example, Brooklyn, New York, you have to turn on this setting. Apart from Alarm Clock, you can receive Open Weather on your charge screen when you install AntiVirus, Cleaner and Battery Saver.
Alarm Clock will also show you news articles from Taboola, our third-party news aggregator. We share some of your data with Taboola, such as your IP Address, your device, browser and operating system, your hardware ID, news websites you visited and your preferred language, for you to receive locale specific news.
AVG Gallery, Gallery Doctor and Photo Cleaner for iOS
Gallery is a smart app that you can install in your Android to help you organise your photos and videos into significant moments. Through Gallery, we collect analytics data in our internal analytics system, and through third party analytics like Google Analytics and third party crash reporting (Crashlytics) (create link to document, Cookies and Other Similar Technologies).
AVG Gallery Doctor
Gallery Doctor is a free app that helps you free up storage space in your mobile byidentifying bad & similar photos in your Android gallery. It does not collect any personal data.
There are a variety of accounts you can create with us.
Account data is the data you give when you open an account or request a service from us and may including your name, address, email address, phone number, photo, date of birth, gender, and interests (collectively, “Account Data”). Account Data may include the same data as in your Billing Data (such as name and email), but Account Data is not connected to your credit card number and, except in a few instances described below, is not connected to your Service Data. We process this data in order to provide you with the relevant account.
Examples of Accounts and Services
Avast and AVG Accounts
Avast Account (id.avast.com) and AVG account (my.avg.com) are tools which permit you to register multiple products using a single registration and authentication system. If you use these Accounts, you will be asked to provide your email address directly or indirectly via social media login. This is used for authentication.
Opening an account is voluntary. For paid and trial customers, there is the convenience of managing your licenses and seeing your connected devices in My Avast portal.
Once you delete your account, your Account Data will be deleted, but this will not delete other records of your name or your email address stored at us.
Some products may require you to establish an Avast Account for the provision of the service or to provide the product functionality. For example, Avast anti-theft products will sync your personal computer and your mobile device, so if you lose your mobile device, you can track it on your personal computer. For forum.avast.com and business.avast.com, you likewise need an account. For product features to be enabled and functioning, you must have an Avast Account.
For myaccount.avg.com, this is a legacy account that was used for subscription handling and had features such as permitting users to download copies of their invoice(s).
For HMA!, users can manage a list of their product subscriptions, as well as some specific VPN features, and see a list of VPN servers.
Website Product Registration
To register as a customer of our paid AntiVirus products, you are required to provide your email address and select a password. For desktop users, you may register online on the website. We process this information to validate and verify the number of current licenses in existence. We may also use it to verify that copies of our product are legitimate, and not counterfeit. You may voluntarily submit additional information such as your name, demographic information, or other personal information.
Instead of website registration you may select "Registration form" from within the product interface. On the registration form, you provide your email address and select a password. We may also ask general demographic questions such as your level of computer experience or your prior AntiVirus program. You may voluntarily submit additional information such as your name, demographic information, or other personal information.
Registration and Log-in via Other Mediums
It is possible to use Facebook or Gmail to register us Free AntiVirus and to log-in to your Avast Account.
If you choose Facebook or Gmail for registration and sign-in, you will be asked to share certain personal data from your Facebook or Gmail account with us. We collect and store personal data you provide such as your email address, name, avatar (main profile picture) and the identifier of your Facebook or Gmail account.
One of our website features is the "Community" section, which includes a comments area, links to user pages, links to blogs, links to the Avast Forum, and links to third-party sites such as Twitter and Facebook (create link to Third Party Sites in main document).
You may post a general comment in the "Overview" section of the "Community" pages using your Avast Account or via Facebook or Gmail. The user ID that appears beside your comment will be the user ID from your Facebook or Gmail. If you have a profile photo connected with this user ID, that photo will appear beside your user comment.
The Avast Forum is accessible from the AVG Support Community pages or via a link on the "Support" section of our website. Certain features require registration by you.
If you decide to register by creating an Avast Account, you will be asked to select a username, password, provide an email address and physical location. Disclosing your physical location is optional. You may allow other users to send you messages and you can log in to your account via Facebook or Gmail.
Once registered for us Forum you may control your privacy settings when using the Forum by visiting your "Profile" page. You can modify your settings at any time. You can also view your past posts, usage stats, password settings, and user profile as seen by others.
You have the option to provide additional information such as personal texts, disclose your birth date, identify your gender, instant messaging number, messenger username, or website name and address, disclose your physical location, and select an avatar or personalized picture. Any information you provide here will be visible to other users.
The following minimum items of information will be available to all users, regardless of your profile settings: your username, your total number of posts, and posts per day, the date and time you registered, your local time, and the date and time of your last activity.
Where you submit your personal data for publication, for example, via the Avast Forum or our Community pages, such data will be made available publicly.
If you choose Facebook as your registration or sign-in method, your permission will be sought for us to take certain actions on your behalf.
Specifically, we will request permission to post on your behalf where:
·you register or install an us product;
·you update an us program; or
·an Avast program protects you from visiting an infected website.
Examples of what might be posted may include the following, or similar messages:
(1) “Avast AntiVirus just saved my computer from infection! Try it now. It’s free.”
(2) “My us AntiVirus just updated, with powerful new security features. Download it for FREE. You’ll love it.”
(3) “I just installed us AntiVirus for free. I really like it. If you want the best protection, download us like I did.”
You are not obliged to agree to allow us to post on your behalf and you may “skip” this state during registration.
There are many opportunities to contact us via our website. There are links that allow you to reach us by email via the Support page, by clicking our media contact or news subscription buttons, or by requesting online service or support. In general, the amount of information that we collect when you contact us will be in proportion to the nature of the contact. For example, if you contact us by email, we will require your email address to reply.
Newsletters and Blog Notifications
We offer news and information on our website, including email newsletters and blog notifications of current news items. This is a free service we provide to you. You may receive an ad banner on our website promoting a news story. However, you must subscribe if you wish to read it.
We may use your email to send you information on other publications or other us products or services.
When you subscribe, we request your first and last names, email address, and country of residence. We process your personal information to help develop content that is interesting to our audiences and to send you relevant blog notifications and/or newsletters.
There may be times when we post a "refer a friend" link that allows a site visitor to send a message to a friend about an Avast product or service. We will never request that our users provide a friend's phone number or other contact information. We do not have any record of the email address that you use to send the message. It is up to the friend to install.
Sometimes the friend referral takes place when you install a product. When the friend installs, we collect the GUIDs and information that your two installations are connected.
This concludes the description of personal data collected by us when you purchase products and services or when you register for an account or request services. The next section covers the data collected by us from the installation and during the running of our products and services. We call this Service Data.
J.Live Events and Competitions
Aside from interacting with you by way of your use or purchase of our products and services, us may collect your personal data from you directly, when we attend trade shows or when you participate in our promotional events or competitions.
When you interact with us at trade shows and provide us with your personal data on a business card or through other means (for instance, through registering for an event we are holding at such trade show), we will be processing your personal data for the purposes of building and expanding our database of existing or prospective business partners. We will use this contact information in order to communicate with you about possible business partnerships or other similar opportunities, and to promote our brand across the industry (serve our legitimate interests).
Live events and competitions held and organized by us generally require that you register first. To complete a registration, you provide us with your name, your e-mail address and other relevant information, which is marked as “Required” (this could, for instance, include information about your technical background, if you are registering for one of our competitions). We may also take photos or videos of the competition.
Provision of live event(s) and competition(s) data is voluntary. However, if you do not provide us with the information marked in the form as “Required”, you will not be able to participate. We will also sometimes process information about your social media accounts (links to your Twitter, Facebook or other social media accounts), should you choose to provide them. Avast will process the “Required” as well as other voluntary information in order to assess your application, register you for the event and to communicate with you about it. We may use your image in photos or videos on our website or as part of our general promotion and marketing efforts. We will also use your email address to communicate with you about new us events and about other products and services from us.
Please click on the links below to move to the sections below:
1. Personal Data We Collect, Process and Retain
3. Where We Store Your Personal Data
4. Disclosure of your information
5. Your Rights with Respect to your Data; Emails
7. Your California Privacy Rights
8. Changes to this policy
1.Personal Data We Collect, Process and Retain
We collect your personal data when you register for our VPN services. We process your personal data in order to provide you our products and services, to send you direct marketing, to optimize and improve our products and services, and to comply with our legal obligations. The legal bases we rely on are contractual and service necessity, legitimate interests, and compliance with legal obligations.
We may collect and process the following data about you:
·What data we collect
When you register we may collect your name, username, email address, password (encrypted) and IP address.
·Why we need this data and how we use it
We may collect your name to personalize the services we offer to you, and collect your username and password in order to provide you with access to the web based control panel and to our downloadable VPN software. We collect your email address in case you forget your password or wish to receive email newsletters. Your IP address is logged by us so that we can prevent any spam, fraud or abuse of our services. In general, we use the data we collect to provide our services to you, prevention of fraud and abuse. From time to time we may email you news, updates and sales offers which you can easily opt out of receiving by clicking the "unsubscribe" in the relevant email.
·How long do we store this data
If you continue to use one of our services, we will store this data for as long as you are using one of our services or have an active account, and for up to one year after that for contract administration. We may keep this data for an extended period as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
On request for payment details:
If you opt to pay for use of our services, we will use a third party payment processor to take payment from you. These third parties are properly regulated and authorized to handle your payment information and are prohibited from using your personal data for promotional purposes or for any other purposes other than providing these services to us.
·What data we collect
We collect payment information, which will vary depending on the payment method chosen by you, but may include your name, address and credit card information. We also collect geolocation data determined on the basis of your IP address to identify your country of origin. We never handle or store complete credit card numbers, as this is done on our behalf by our payment processors. If you are a business user, you may choose to provide additional details, such as your company name, address and EU VAT number (if applicable).
·Why we need this data and how we use it
We store this information as we require a record of your payment for accounting, taxation and invoicing purposes and to manage your account. We may also use your payment information to detect and prevent fraud.
·How long do we store this data
If you continue to use one of our services, we will store your payment data for as long as you are using one of our services or have an active account, and for up to two years after that. We may keep your payment data for an extended period as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you contact us:
If you contact us through our website for any reason we will generally store these communications and your IP address for up to 6 months, unless we are required, for legal reasons or under exceptional circumstances, to retain this information for an extended period.
When you contact us outside of our website (e.g. using individual corporate email addresses or by phone, including our help desk), we may store your communication for as long as necessary to provide you services or to comply with our legal obligations, resolve disputes, and enforce our agreements. If we speak with you by phone, we may, record the phone calls, for quality control purposes and to provide you the services.
If you use our VPN service:
·What data we collect
We will store a time stamp and IP address when you connect and disconnect to our VPN service, the amount of data transmitted (up- and download) during your session together with the IP address of the individual VPN server used by you. We do not store details of, or monitor, the websites you connect to when using our VPN service. We collect aggregated statistical (non-personal) data about the usage of the VPN mobile apps and software.
·Why we need this data and how we use it
We need this data to monitor the performance and usage of our VPN Service, for example it enables us to sort server nodes by the number of users connected, to limit your account to one concurrent IP address per VPN connection (to prevent shared accounts), resource analytics (to carry out usage analysis for administrative purposes) and to prevent abuse and fraud.
·How long do we store this data
This data is stored on our system for up to thirty days unless we are required, for legal reasons or under exceptional circumstances (including our own investigations of fraud or abuse), to retain this data for an extended period. For more information about logging on our VPN Service, please see our separateVPN Logging Policy.
If you use our IP:PORT premium service:
·What data we collect
We store the date and time of order for the IP:PORT Proxy List premium service, and the email address provided to us for receipt of the proxy list emails and your payment information.
·Why we need this data and how we use it
We need this data so that we can send you emails containing the proxy lists and so we have a record of the transaction for accounting purposes.
·How long do we store this data
You can delete your account at any time but your email address will be stored by us for no more than 2 years after you have deleted your account.
We will not share any of your personal data with anyone except in the circumstances referred to in section 4 (Disclosure of Your Information). We do not knowingly collect personal data from persons under the age of 18. Any potential or current user who is under age must immediately cease using the services.
If you use our products and services in general:
·What data we collect
We store information about events (installation, status of the license, change of license) as well as dates and locations (on country level) of these events, technical data (type of connection, speed, settings, interaction with our product), and information about your license (for instance, information about the type of your license - is it a free, trial or paid license - what is its validity and expiration date, whether renewal is applicable).
·Why we need this data and how we use it
We use this data in order to conduct our own internal analyses about how our services function and behave, how our users interact with them, and to optimize and improve our products and services, such as fixing bugs and crashes. To this end, we utilize only our own internal tools and do not use or involve any other third service or party (as a general rule, HMA! uses third-party analytics providers only to a limited degree, as described in Third Party Tracking and Analytics Policy here).
·How long we store this data
We will retain this data as long as you have the product installed and, after you uninstall the product, for an additional 90 days. After that, we will delete the data.
3.Where we store your personal data
We are a global business that provides its products and services all around the world. In order to reach all of our users and provide all of them with our software, we operate on an infrastructure that spans the globe. The servers that are part of this infrastructure may therefore be located in a country different than the one where you live. In some instances, these may be countries outside of the European Economic Area (the EEA), where the level of protection provided by the laws of these countries may be different than the high standard enshrined in the GDPR. Regardless, we provide the same GDPR-level of protection to all personal data we process.
By using the service, you acknowledge this transfer, storing or processing.
When you enter payment information (such as credit card numbers) on our order forms, the transmission of that information is encrypted using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
4.Disclosure of your information
Please note that the Avast Group is comprised of companies and offices around the world. In order to do business around the globe, we may share your personal data across our offices and companies which may be in countries with different laws regarding the collection and use of personal data than the country we collected it from.
Lastly, we may share your personal data:
·when necessary to deliver the product or service you require such as with a payment card provider who we use to process your credit card transaction;
·when authorized by law or necessary to comply with a valid legal process;
·when required to protect and defend the rights or property of the Avast Group, including the security of our products and services;
·when necessary to protect the personal safety, property or other rights of the public, the Avast Group or its customers or employees; or
·in connection with a sale of all or part of our business.
5.Your Rights with Respect to your Data; Opt-out
Under the GDPR and applicable UK law, you, as a data subject, have certain rights. Rights such as the right to access information held about you. Your right of access can be exercised. You have the right to ask us about the personal data we process about you, the purpose and nature of the processing, and to provide information on who we share it with. You have the right to request that we update, correct, delete (assuming that this does not impact the services we are providing to you) or export (port) your data, as well as the right to object to processing and lodge a complaint with the supervisory authority. You exercise these rights on the Privacy Preference portal or at https://support.avg.com/?l=en. Please note that we may reject or refuse to fulfill to the fullest extent requests which risk the privacy of others or are unreasonable or repetitive, or would require disproportionate effort. Please note that we may generally keep your personal data for one year after you stop being a customer (but we typically keep your personal data no longer than is reasonably necessary given the purposes for which the data was collected). Some of the data may be retained longer, for instance, if we have a legal obligation to retain it (e.g., for the purposes of tax), or, as the case may be, until the applicable statute of limitations expires.
You have the right to opt-out of receiving certain emails (e.g., marketing communications) at any time by following the relevant unsubscribe process outlined in the applicable email. Please be aware that our emails may include important or useful information about our services. We may also contact you via email in the context of our contract (transaction) to give you information about the transaction or the term of your license. Given the transactional nature of these emails, these are necessary in order for us to manage our relationship with you and may not be able to unsubscribe from these transactional emails.
7.Your California Privacy Rights
8.Changes to this policy
Logging Policy And Use
When you use our VPN service the only logging data we collect from you (“VPN Data”) is as follows:
a time stamp when you connect and disconnect to our VPN service;
the amount data transmitted (upload and download) during your session;
the IP address used by you to connect to our VPN; and
the IP address of the individual VPN server used by you.
We DO NOT store details of, or monitor, the resources (including websites) you connect to or any of the data sent or received over our network, when using our VPN service.
We collect and use VPN Data for the operation of our business to:
monitor the use of our network for technical purposes and to manage and improve our service;
prevent and detect fraud against our service (e.g. credit card fraud);
prevent and detect abuse of our network, such as spamming, file sharing or other illicit activity.
Except in the limited circumstances described below, VPN Data is stored for 30 days on our secure servers, after which time it is deleted, except in certain very limited circumstances (see below). We delete VPN Data on a monthly basis, so data is stored until the end of the 2nd month after the month during which it is created. For example, all data created in January will be deleted on 31 March.
The exceptions to our retention policies are:
If we are notified or determine that your VPN account has been used in breach of our End User Agreement (including our Acceptable Use Policy, e.g. for spamming, file sharing or other illicit activity, then we may store your VPN Data for an extended period of time beyond the normal 3 month maximum.
Where a user has, or has attempted to, defraud us (e.g. by using a stolen credit card to purchase our service), then that user is not covered by the protections in our terms of service and we reserve the right to use any data held on that user in any way we see fit to prevent further fraud against our service or third parties.
If your account is identified by us following a notification that it has been used in breach of our terms of service, we reserve the right to suspend your account to prevent further abuse, however, in such circumstances we will never voluntarily hand over your personal data to a third party unless we are legally compelled to do so in accordance with English law.