Skip to main content

KASPERSKY LAB – GLOBAL PRIVACY POLICY

Introduction

AO Kaspersky Lab, located at bldg. 3, 39A, Leningradskoe Shosse, Moscow, 125212, Russian Federation and its affiliates (collectively, "Kaspersky Lab") respect your privacy. This Global Privacy Policy describes the types of personal data provided by a data subject (hereinafter, the “Personal Data Subject”), how we use the information, and the choices you can make about our use of the information. We also describe the measures we take to protect the information and how you can contact us about our privacy practices.

Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements.

This Global Privacy Policy provides a general statement of the ways in which Kaspersky Lab protects your personal data. You may, however, in connection with specific products or services offered by Kaspersky Lab, be provided with privacy policies or statements that supplement this policy. This policy may be changed from time to time to reflect changes in our practices concerning the processing of personal data. The revised policy will be effective immediately upon posting to our website.

If you have any questions or comments regarding the processing of your personal information and Kaspersky's privacy practices or if you would like us to update information or preferences you provided to us, please contact our data protection officer at https://support.kaspersky.com/general/privacy or directly by post or email: Kaspersky Labs GmbH, Ingolstadt, Despag-Strasse 3, 85055, Germany, dpo@kaspersky.com.

You can also contact Kaspersky EU representative (in accordance with Article 27 GDPR): Kaspersky Labs GmbH, Ingolstadt, Despag-Strasse 3, 85055, Germany, info@kaspersky.de, +49 (0) 841 98 18 90.

This version of the policy is effective as of April 5, 2018.

The Sources of Information

Kaspersky Lab may obtain information about you from various sources, including:

  • on our websites

  • in response to marketing or other communications

  • through social media

  • by your signing up for Kaspersky Lab products or services

  • through participation in an offer, program or promotion

  • in connection with an actual or potential business or employment relationship with us.

You may also choose to consent to third parties disclosing information about you to us that those third parties have received.

Information Provided by Data Subjects and How We Use Information

Personal data processing by Kaspersky Lab is always carried out in a legal and fair manner. Kaspersky Lab will only process personal data for particular, pre-determined purposes that are or were legitimate with regard to applicable law, and that are relevant to Kaspersky Lab’s business. You will always know what kind of information you provide to Kaspersky Lab after you confirm with your consent. The data, which you provide, depends on the services, products and features you use, and can include the following types of data:

  • To ensure the required performance of products and services:

    • The unique identifier of the device

    • License information

    • URLs (network addresses) to be checked by the product based on the purpose of the product, including visited websites, addresses in the mail, etc.

    • Network addresses of client devices

    • Information about the suspicious objects to be checked and their parameters (according to the purpose of the device) — the path and name of the suspicious object, the behavior of the object.

    • Email address

    • Information about system operation and the environment of the product in case of a failure in the product’s functioning.

    • Information about the system environment in which the product operates.

    • In case of using the Antitheft function — device location, photo, and new phone number.

    • In case of using Safe Kids Products — child’s profile (name, birth year), device location, information about visited websites, messages posted by children on social networks, numbers of incoming or outgoing calls and SMS.

    • Analytical information provided by analytical services such as Google Analytics, Google AdWords, AppsFlyer, Facebook and others.

  • To identify new and challenging data security threats and their sources, as well as threats of intrusion, and to take prompt measures to increase the protection of the data stored and processed by the user with a computer:

    • The unique identifier of the device.

    • URLs (network addresses) to be checked by the product based on the purpose of the product, including visited addresses, addresses in the mail, etc.

    • Network addresses of client devices and addresses of counterparts of client devices.

    • Information about the suspicious objects to be checked and their parameters (according to the purpose of the device) — the path and name of the suspicious object, the behavior of the object.

    • Information about operation system activity and the environment of the product in case of a failure in the product’s functioning.

    • Information about the system environment in which the product operates.

  • To increase the level of support, monitoring of the defined level of software protection. and to improve the performance and quality of Kaspersky Lab’s products:

    • The unique identifier of the device.

    • Information about system operation and the environment of the product in case of a failure in the product’s functioning.

    • Information about the system environment in which the product operates.

  • To administer promotions or contests, establish contact with the user, as well as to forward notices, requests and information related to the KL services and the performance of agreements and contracts, and to process user requests and applications, organize promotional events, send marketing emails and special offers and to contact you about other Kaspersky Lab services or those of our affiliates or other third parties:

    • License information

    • Email address

  • To evaluate and improve quality in the use of our products, services and websites:

    • Analytical information provided by analytical services such as Google Analytics, Google AdWords, AppsFlyer, Facebook and others.

    • Information about system operation and the environment of the product in case of a failure in the product’s functioning.

    • Information about the system environment in which the product operates.

For more information about data you provide, please refer to our privacy policies for our products and services that you use.

Kaspersky Lab will retain personal data for as long as necessary to fulfill the purpose for which the data is processed in accordance with the objectives specified in the agreements (KSN user agreements, EULAs, consents), or to comply with applicable legal requirements.

International Data Transfers

We may transfer the personal information we obtain from you to recipients in countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Global Privacy Policy or as otherwise disclosed to you at the time the data is collected (e.g. via program specific privacy notice).

Kaspersky Lab is a global business. To offer our services, we may need to transfer your personal information among several countries, including the Russian Federation, where we are headquartered. We comply with applicable legal requirements providing adequate safeguards for the transfer of personal information to countries outside of the European Economic Area ("EEA") or Switzerland.

The personal data provided by users to Kaspersky Lab can be processed in the following countries, including countries outside European Union (EU) or the European Economic Area (EEA):

Within the EU or EEA:

  • Germany

  • Netherlands

  • France

  • United Kingdom

  • Switzerland

Outside of the EU or EEA:

  • Canada

  • Singapore

  • Russia

  • Japan

  • USA

  • Mexico

  • China

  • Azerbaijan

The personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.

How We Share Information

We may disclose the Information as follows:

  • Affiliates. We may share your information with our affiliates — companies that control, are controlled by, or are under common control with Kaspersky Lab.

  • Service Providers. We also may share your information with vendors that provide services to us, including companies that provide web analytics, data processing, advertising, e-mail distribution, payment processing, order fulfillment, and other services.

  • For legal reasons:

    • To protect our rights, operations or property, or that of our users.

    • To investigate, prevent, or take action regarding potential or suspected illegal activities, fraud, threats to the personal safety of any person, or violations of the Services Terms and Conditions.

    • To comply with applicable law or respond to valid legal process, including from law enforcement.

Your Rights and Options

You have certain rights regarding the personal data we maintain about you. We also offer you certain options about what personal data you provide to us, how we use that information, and how we communicate with you.

In most cases you can choose not to provide personal data to us when you use Kaspersky Lab’s products, services and websites. You may also refrain from submitting information directly to us. However, if you do not provide personal data when requested, you may not be able to benefit from the full range of Kaspersky Lab products and services and we may not be able to provide you with information about products, services and promotions.

You can at any time tell us not to send you marketing communications by e-mail by clicking on the unsubscribe link within the marketing e-mails you receive from us.

If your employer provides your personal data to Kaspersky Lab, you may have certain options with respect to Kaspersky Lab’s use or disclosure of the information. Please contact your employer to learn about and to exercise your options.

To the extent provided by applicable law, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your personal data. We will apply your preferences going forward. In some circumstances, withdrawing your consent to Kaspersky Lab’s use or disclosure of your personal data will mean that you cannot take advantage of certain Kaspersky Lab products or services.

Subject to applicable law, you may have the right to: obtain confirmation that we hold personal data about you, request access to and receive information about the personal data we maintain about you, receive copies of the personal data we maintain about you, update and correct inaccuracies in your personal data, object to the processing of your personal data, and have the information blocked, anonymized or deleted, as appropriate. The right to access personal data may be limited in some circumstances by the requirements of local law. To exercise these rights, please contact us as set forth below.

If you provide us with any information or material relating to another individual, you should make sure that this sharing with us and our further use as described to you from time to time is in line with applicable laws; thus, for example, you should duly inform that individual about the processing of her/his personal data and obtain her/his consent, as may be necessary under applicable laws.

If we fall short of your expectations in processing your personal data or you wish to make a complaint about our privacy practices, please relate this to us, as it gives us an opportunity to fix the problem. You may contact us by using the contact details provided in the “How to Contact Us” section below. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time.

The Privacy Principles

Personal data processing at Kaspersky Lab is based on the following principles:

Consent and choice

  • Presenting to the Personal Data Subject the choice whether or not to allow the processing of their personal data except where the Personal Data Subject cannot freely withhold consent or where applicable law specifically allows the processing of personal data without the natural person’s consent. The Personal Data Subject election must be freely given, specific and made on a knowledgeable basis;

  • Obtaining the opt-in consent of the Personal Data Subject for processing sensitive Personal Data except where applicable law allows the processing of sensitive personal data without the natural person’s consent;

  • Informing the Personal Data Subject, before obtaining consent, about their rights under the individual participation and access principle;

  • Providing the Personal Data Subject, before obtaining consent, with the information indicated by the openness, transparency and notice principle;

  • Explaining to the Personal Data Subject the implications of granting or withholding consent.

Purpose legitimacy and specification

  • Ensuring that the purpose(s) complies with applicable law and relies on a permissible legal basis;

  • Communicating the purpose(s) to the Personal Data Subject before the information is used for the first time for a new purpose;

  • Using language for this specification which is both clear and appropriately adapted to the circumstances; and

  • If applicable, giving sufficient explanations for the need to process sensitive personal data.

Data processing limitation

  • Limiting the gathering of personal data to that which is within the bounds of applicable law and strictly necessary for the specified purpose(s).

  • Deleting and disposing of personal data whenever the purpose for personal data processing has expired, there are no legal requirements to keep the personal data, or whenever it is practical to do so.

Use, retention and disclosure limitation

  • Limiting the use, retention and disclosure (including transfer) of personal data to that which is necessary in order to fulfil specific, explicit and legitimate purposes;

  • Limiting the use of personal data to the purposes specified by the Personal Data Controller prior to receiving the data, unless a different purpose is explicitly required by applicable law;

  • Retaining personal data only as long as necessary to fulfill the stated purposes, and thereafter securely destroying or anonymizing it; and

  • Locking (i.e. archiving, securing and exempting the personal data from further processing) any personal data when and for as long as the stated purposes have expired, but where retention is required by applicable laws.

Accuracy and quality

  • Ensuring that the personal data processed is accurate, complete, up-to-date (unless there is a legitimate basis for keeping outdated data), adequate and relevant for the purpose of use;

  • Ensuring the reliability of personal data provided from a source other than from the Personal Data Subject before it is processed;

  • Verifying, through appropriate means, the validity and correctness of the claims made by the Personal Data Subject prior to making any changes to the personal data (in order to ensure that the changes are properly authorized), where it is appropriate to do so;

  • Establishing personal data processing procedures to help ensure accuracy and quality; and

  • Establishing control mechanisms to periodically check the accuracy and quality of personal data processing.

Openness, transparency and notice

  • Providing the Personal Data Subject with clear and easily accessible information about the Personal Data Controller’s policies;

  • Establishing procedures and practices with respect to the processing of personal data;

  • Including in notices the fact that personal data is being processed, the purpose for which this is done, the types of privacy stakeholders to whom the personal data might be disclosed, and the identity of the Personal Data Controller including information on how to contact the Personal Data Controller;

  • Disclosing the options and means offered by the Personal Data Controller to Personal Data Subject for the purposes of limiting the processing of, and for accessing, correcting and removing their information; and

  • Giving notice to the Personal Data Subject when major changes in the personal data handling procedures occur.

Individual participation and access

  • Giving Personal Data Subject the ability to access and review their personal data, provided their identity is first authenticated with an appropriate level of assurance and such access is not prohibited by applicable law;

  • Allowing the Personal Data Subject to challenge the accuracy and completeness of the personal data and have it amended, corrected or removed as appropriate and possible in the specific context;

  • Providing any amendment, correction or removal to personal data processors and third parties to whom personal data had been disclosed, where they are known; and

  • Establishing procedures to enable the Personal Data Subject to exercise these rights in a simple, fast and efficient way, which does not entail undue delay or cost.

Information Security: How We Protect Your Privacy

Data security is Kaspersky Lab’s core business. All data and all information provided by you is confidential by default. Kaspersky Lab will therefore always apply technical and organizational data security measures for the protection of personal data that are adequate and appropriate, taking into account the concrete risks resulting from the processing of personal data as well as up-to-date security standards and procedures. In order to, among other reasons, identify and fulfill the appropriate level of protection, Kaspersky Lab classifies processing systems with personal data and implements cascading sets of protective measures.

Kaspersky Lab also maintains physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:

  • The Information Security Department, which designs, implements and provides oversight to our information security program;

  • A determination of personal data safety hazards in the course of processing in a Kaspersky Lab processing system;

  • Application of appropriate information security tools;

  • Performance evaluation of applied personal data security measures before commissioning processing systems;

  • Implementing controls to identify, authenticate and authorize access to various services or websites;

  • Discovering the facts surrounding unauthorized access to personal data and adopting corresponding measures;

  • Recovery of personal data that was modified or destructed;

  • Establishing access rules to personal data processed in Kaspersky Lab processing systems and also recording and accounting for all actions undertaken with personal data in these systems;

  • Encryption between our clients and servers (and between our various data centers);

  • We restrict access to personal information to Kaspersky Lab employees and to contractors who need to know the information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.

  • Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;

  • Monitoring measures taken to ensure the security of personal data;

  • Providing Kaspersky Lab personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

The measures implemented and maintained by Company is the subject to annual certification of compliance with ISO/IEC 27001. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). Compliance with this standard demonstrates that our security controls and processes are built according to best practice.

How To Contact Us

If you have any questions or comments about this Global Privacy Policy, Kaspersky Lab's privacy practices or if you would like us to update information or preferences you provided to us, please click here.