We are required by the California Consumer Privacy Act of 2018 (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), Texas Data Privacy and Security Act (“TDPSA”), Florida Digital Bill of Rights (“FDBR”), Oregon Consumer Privacy Act (“OCPA”), Montana Consumer Data Privacy Act (“MCDPA”) and other applicable legislation to provide to residents of the correspondent states an explanation of how we collect, use and share their personal information, and of the rights and choices we offer California residents regarding our handling of their personal information (the “Notice”).
Kaspersky provides products and services to business users and individual home users.
This Notice applies only to individual home users and website visitors who reside in California, whose interactions with us are limited to:
- Visiting our US-based consumer websites, including MyKaspersky portal,
- Requesting and receiving technical support for our consumer products or services,
- Signing up for email alerts or other marketing communications,
- Participating in one of our consumer-facing offers, programs or promotions, or
- Interacting with us on social media.
For additional information about our collection and use of personal information of website visitors, and the rights and choices that may be available to website visitors, please visit our Kaspersky Lab Privacy Policy for Websites.
Privacy Practices
We do not sell personal information. As we explain in our privacy policies, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. If you would like to learn how you may opt out of our (and our third party advertising partners’) use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide.
Below is a description of our privacy practices with respect to the personal information of USA residents who visit our websites, and otherwise interact with us as described in this Notice.
User activity | Personal information collection | Sources of personal information | Purposes for which we may collect and use tde personal information | Sharing |
|---|---|---|---|---|
Signing up for email alerts | Name or alias Email address | You | Operations | Shared with service providers |
Username Password | You | Operations | Shared with service providers | |
Visiting our websites | Device data | Automatic collection | Operations | Collected directly by or shared with our service providers |
Please note that we may also disclose all personal information (a) with Kaspersky Lab group companies; (b) to comply with federal, state, or local laws; (c) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (d) to cooperate with law enforcement agencies concerning conduct or activity that we believe may violate federal, state, or local law, (e) when we sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction), or (f) to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Privacy Rights
The CCPA grants individuals the following rights:
Information
You can request information about how we have collected, used and shared your Personal Information during the past 12 months.
Access
You can request a copy of the personal information that we maintain about you.
Deletion
You can ask us to delete the personal information that we collected or maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. We will also respond to requests for information and access only to the extent we are able to associate with a reasonable effort the information we maintain with the identifying details you provide in your request. If we deny your request, we will communicate our decision to you.
The VCDPA, CPA and CTDPA grant individuals the following rights:
Access
You have the right to request that we disclose certain information to you about our collection and use of your personal information. We will provide a copy of personal information we have obtained about you.
Data Portability
You have the right to request a copy of your personal data in in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means.
Deletion
You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.
Correction Request
You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing. Once we receive and confirm your verifiable consumer request, we will correct your personal information from our records, unless an exception applies. If we deny your correction request, we will inform you and explain the basis for our denial.
Appeals
If we deny your request, you have the right to appeal our decision. We will respond to appeals from Virginia and Connecticut residents within 60 days. We will respond to appeals from Colorado residents within 45 days.
The UCPA grants individuals the following rights:
Access
You have the right to request that we disclose certain information to you about our collection and use of your personal information.
Data Portability
You have the right to request a copy of your personal data in a format that: to the extent technically feasible, is portable; to the extent practicable, is readily usable; and allow you to transmit the data to another controller without impediment, where the processing is carried out by automated means.
Deletion
You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.
The FDBR and TDPSA grants individuals the following rights:
Access
You have the right to confirm whether a controller is processing your personal data and accessing your personal data
Data Portability
You have the right to request a copy of your personal data in a portable and, to the extent technically feasible, readily usable format if the data is available in a digital format.
Deletion
You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.
Accuracy (Correction Request)
You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing. Once we receive and confirm your verifiable consumer request, we will correct your personal information from our records, unless an exception applies. If we deny your correction request, we will inform you and explain the basis for our denial.
The OCPA grants individuals the following rights:
Information
If you need information, you can make requests for confirmation on whether a Kaspersky is processing or has processed personal data; a list of specific third parties to which personal data has been disclosed; a copy of all personal data processed by the controller.
Accuracy (Correction Request)
You have the right to request a controller to correct inaccuracies in personal data about the consumer, taking into account the nature of the personal data and the controller’s purpose for processing the personal data. Once we receive and confirm your verifiable consumer request, we will correct your personal information from our records, unless an exception applies. If we deny your correction request, we will inform you and explain the basis for our denial.
Appeals
If we deny your request, you have the right to appeal our decision. We will respond to appeals from Oregon residents within 45 days.
Delete
You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.
The MCDPA grants individuals the following rights:
Access
You have the right to confirm whether a controller is processing your personal data and accessing your personal data unless such confirmation or access would require the controller to reveal a trade secret
Data Portability
You have the right to request a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
Deletion
You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
Accuracy (Correction Request)
You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing.
Request Processing
You are entitled to exercise rights described below free from discrimination regardless of applicable law.
CCPA
According to the CCPA, we shall not require you to verify your identity to make a request to opt out of sale/sharing; however, we may ask you for information necessary to complete the request, which would not be burdensome on you as a consumer.
VCDPA
If we are unable to authenticate your request using commercially reasonable efforts, we will not be required to comply with a request to initiate an action following your request to exercise your rights. We may request that you provide additional information reasonably necessary to authenticate you and your request.
CPA
We are not required to comply with a request to exercise any rights if we are unable to authenticate the request using commercially reasonable efforts. In such cases, we may request the provision of additional information reasonably necessary to authenticate the request.
CTDPA
We are not required to comply with a request to exercise any rights if we are unable to authenticate the request using commercially reasonable efforts. In this context, we will provide notice to you that we are unable to authenticate the request until you provide additional information reasonably necessary to authenticate yourself and your request.
UCPA
If we are unable to authenticate your request using commercially reasonable efforts, we will not be required to comply with the request. We may request that you provide additional information reasonably necessary to authenticate your request.
TDPSA
We are not required to comply with your request, and we may request that you provide additional information reasonably necessary to authenticate yourself.
FDBR
If we are unable to authenticate your request, we will not be required to comply with it. However, we will make a reasonable effort to request that you provide additional information reasonably necessary to authenticate yourself and your request.
OCPA
We will notify you if we cannot authenticate your request without additional information from you using commercially reasonable methods.
MCDPA
If we are unable to authenticate your request, we will not be required to comply with it. However, we will make a reasonable effort provide you a notice that we are unable to authenticate the request until you provides additional information reasonably necessary to authenticate you.
How to Submit a Request
To request access to or deletion of personal information please contact us at https://support.kaspersky.com/general/privacy or directly by email: dpo@kaspersky.com.
Identity verification. The CCPA, VCDPA, CPA, CDTPA, UCPA, TDPSA, FDBR, OCPA and MCDPA require us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We will ask you to verify your identity when you submit a request.
Authorized agents. You can empower an “authorized agent” to submit requests on their behalf if this right is granted by your applicable law. We will require the authorized agent to have a written authorization confirming that authority.
Online Tracking Opt-Out Guide
Like many companies online, we use services provided by Google, Facebook and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:
Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit https://allaboutcookies.org.
Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
Platform opt-outs. The following advertising partners offer opt-out features that let you opt-out of use of your information for interest-based advertising:
Google: https://adssettings.google.com
Microsoft: https://about.ads.microsoft.com/en-us/resources/policies/personalized-ads
Facebook: https://www.facebook.com/about/ads
X: https://twitter.com/personalization
Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
Digital Advertising Alliance: https://optout.aboutads.info
Network Advertising Initiative: https://optout.networkadvertising.org/?c=1
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Opt-out Rights.According to the applicable law you have the following rights to opt-out of the processing of your personal data for purposes of:
CCPA:
- sale of personal information
- sharing of personal information
VCDPA, CPA, CTDPA and OCPA:
- targeted advertising;
- the sale of personal data; or
- profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
UCPA:
- targeted advertising
- sale of personal data
FDBR:
- targeted advertising
- sale of personal data
- profiling with significant effects
- collection of sensitive data
- collection sensitive and precise geolocation data
- collection data collected through voice or facial recognition features
TDPSA:
- targeted advertising
- sale of personal data
MCDPA:
- targeted advertising
- sale of personal data
- profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer
GLOSSARY
Biometric Information | An individual’s physiological, biological or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. |
Commercial Information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
Education Information | Personal information from an educational record, which could include: a student’s name, the names of the student’s parent or other family members, the address of a student or student’s family, a student’s personal identifier (e.g., SSN, student number), other indirect identifiers of the student (e.g., date of birth, place of birth, mother’s maiden name), other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty, or information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates. |
Financial Information | Bank account number, debit or credit card numbers, insurance policy number, and other financial information. |
Geolocation Data | Precise location, e.g., derived from GPS coordinates or telemetry data |
Identifiers | Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. |
Inferences | The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. |
Internet or Network Information | Browsing history, search history, and information regarding a person’s interaction with an Internet website, application, or advertisement. |
Medical Information | Personal information about an individual’s health or healthcare, including health insurance information. Does not include (a) medical information governed by California’s Confidentiality of Medical Information Act, (b) protected health information that is collected by a covered entity or business associate governed by the Health Insurance Portability and Accountability Act of 1996 or (c) information collected as part of certain clinical trials. |
Online Identifiers | An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device. |
Physical Description | An individual’s physical characteristics or description (e.g., hair color, eye color, height, weight). |
Professional or Employment Information | This term is not defined in the privacy legislation, but likely includes any information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations). |
Protected Classification Characteristics | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
Sensory Information | Audio, electronic, visual, thermal, olfactory, or similar information. |