- Scope of Policy
- Information We Collect When You Visit Our Website
- Information We Collect When You Download or Use our Programs, Request Service or Support, or Pay for Products and Services
- Special Types of Personal Information
- Storage, Retention, and Deletion of Personal Information
- Information Security
- Compliance with Laws and Dispute Resolution
- How to Request Changes to Your Personal Information
I. Scope of Policy
This AVAST Privacy and Information Security Policy applies to AVAST Software a.s., Avast Software N.V., AVAST Software, Inc., each of their subsidiaries and affiliates (collectively "Avast"), and all of their contractors, representatives, agents, and resellers while they are working on behalf of Avast (collectively “we” or “us”). AVAST Software a.s. is a data controller of personal data processed in accordance with this policy. This policy applies to the following situations and activities that we engage in:
This means situations in which you or the users of your device or computer (collectively “you”) visit a website that we own or operate including www.avast.com, or other websites under our direct control. This also includes circumstances where you download an Avast product or program or use an Avast service online, regardless of the site where you downloaded or use it, or who owns or operates that site. It also refers to interactions between your computer and us such as automatic updates, and our avast! WebRep, avast! FileRep, and avast! CommunityIQ features.
This includes calls for sales, service, or customer support. This policy will apply to any information that is collected from you when you call us.
Sometimes we may appear at a "live" or in-person event such as a trade show or promotion. If we collect any personally identifiable information in such a case, this policy will apply.
This refers to data concerning Avast employees. In general, human resources (HR) data is handled in a manner consistent with the provision of this policy, except that such data is never used or shared with anybody for any direct marketing purposes, and the provisions of this policy relating to in-product messaging do not apply.
This refers to information that is collected from prospective Avast resellers at the time they apply to join the Avast reseller program. Certain information may be collected regarding the reseller or its individual representative(s), including contact information such as telephone number and email address. Similar information may be obtained regarding sub-resellers, where applicable.
Other circumstances where you contact us.
This includes contact by email, by clicking the "report a virus" link on our website, through our media contact or news subscription services, by requesting online service or support or opening a support ticket, and any other time that you contact us.
When we refer to "personally identifiable information," "personal data," or "personal information," we mean information that can identify you such as name, identification number, email address, phone number, or other information that refers specifically to you. We generally do not mean information that only refers to a business or organization but does not describe any specific individual. We also generally do not mean information that has been "anonymized," or stripped of all identifiers that refer to you specifically.
II. Information We Collect When You Visit Our Website
Use of "cookies" and other similar technologies.
Our website offers news and information by subscription including newsletters, blogs, or others. If you decide to subscribe to these services you may be asked to provide your first and last name, email address, and country of residence. If you subscribe to our "Reports and Bloggers" email newsletter (for media professionals), you will be asked to provide your first and last name, email address, title, publication name, and country. The information you provide will be used to deliver the content that you request. We will never use this information for direct marketing purposes unless you agree on a case-by-case basis (also known as "opting in"). We may use the information you provide to help develop content that is relevant to our professional media audiences. You are free to cancel your subscription(s) at any time by visiting www.avast.com/news-subscription.php?page=unsubscribe
"Refer a friend."
There may be times when we post a "refer a friend" link that allows a site visitor to request that we send a message to a friend about an Avast product or service. You may request us to send a message only to those of your friends who have agreed to receive a message about an Avast product or service from us. We will respond by sending a single email message to the address provided. Contact with the friend will be by email only; we will never request that our users provide a friend's phone number or other contact information. We will not make any record of the email address that is provided, and after sending a single message we will not contact the friend again in response to the "refer a friend" request.
There are many opportunities to contact us via our website. There are links that allow you to reach us by email, by clicking a "report a virus" link, by clicking our media contact or news subscription buttons, or by requesting online service or support. In addition, U.S. users may be able to request a free in-person presentation with Avast security experts using a form on our "Community" pages. In general, the amount of information that we collect when you contact us will be in proportion to the nature of the contact. For example, if you contact us by email, we will require your email address in order to reply.
One of the features of our website is the "Community" section. This section includes a comments area, links to user pages, links to blogs, links to the avast! Forum, and links to third-party sites such as Twitter and Facebook. When you use any of the features of our "Community" section the following provisions will apply:
The avast! Forum is accessible from the "Community" pages or "Support" section of our website. Certain features require registration in order to participate.
Jumpshot user forum
The posts on the Jumpshot user forum (https://jumpshot.uservoice.com) are accessible solely via your existing Jumpshot Account. Before submitting a post you should ensure that you did not enter any personal data. Search engines can and do collect information from the discussion forums and can publish it even if the information has been deleted from our servers. Deletion or correction of such postings held in a cache by third parties such as search engines is not always possible.
You may also join the Support Portal at support.avast.com. Certain features require registration in order to participate. Registration for the Support Portal is separate from registration for avast! Forum. When you register for the Support Portal you will be asked to provide your full name and email address, and select a password. No other information is required to register. This information is not shared with other users.
avast! Account (my.avast.com) is a tool which permits you to register multiple products using a single registration and authentication system. If you choose to use avast! Account you will be asked to provide your first name, last name, and email address. You will also be asked to select a password. We may use this information for purposes of validating your license, providing support, delivering additional products and services, and enabling you to change your avast! Account and/or product settings.
Jumpshot Account is a tool that permits you to register your personal details when you use Jumpshot.
Third-party content and sites.
There may be times when we offer links to third-party sites such as Twitter, Facebook, or others.
III. Information We Collect When You Download or Use our Programs, Request Service or Support, or Pay for Products and Services
Free product downloads generally.
You are not required to disclose any personal information in order to download avast! Free Antivirus, avast! Free Antivirus for Mac, or avast! Free Mobile Security, and you are permitted to use these programs up to 30 days without registration. Within 30 days, you are required to register your copy of avast! Free Antivirus, avast! Free Antivirus for Mac, or avast! Free Mobile Security in order to continue using these programs for up to 12 months. After 12 months re-registration is required. The first time you set up the program you will be required to select a language, and you will be asked if you want to participate in the avast! Community by enabling your computer to provide security-related information on an as-needed basis. Participation in avast! Community is purely voluntary.
Personal data collected by specific products.
Some of our product offerings are required to collect additional personal information in order to deliver full product functionality. In general, we collect no more personal information than is required in order to provide full functionality of these products. Specific products, and the types of information that they collect when you use them, are as follows:
The information described above, when collected by the Avast software, is generally not correlated with any other personal information related to you that Avast may be processing, such as information provided during the process of ordering and downloading the software. Unless you have permitted otherwise, the information collected by the Avast software is used anonymously in aggregation with similar information from other users of the software for analytical purposes to identify new viruses and threats, for improvement and development of the software, and for statistical purposes.
We sometimes communicate with our users using a technique known as "in-product messaging." In-product messaging may be used in the following scenarios: (1) when a user's license is about to expire; (2) when a user chooses to update or upgrade an Avast program; (3) when a virus database is updated; (4) when a user visits an infected webpage; (5) when a monthly security report is prepared for the user; or (6) in other cases where user communication is necessary. We may also sometimes use in-product messaging to notify users of new products or upgrades to existing products and services. The Avast program on the user's machine initiates a secured request to the Avast server using https protocol. The Avast server takes the appropriate action and sends a return message to the Avast program, which displays a corresponding message to the user (for example, a message that the virus database has been updated). Personal information is generally not exchanged using this process except to the extent necessary to perform a transaction. In-product messaging also permits the computers or devices of our users to transmit information to our servers including technical data, virus definitions, security, and technical information about the users' hardware. This information is used for statistical purposes, product updates, quality control, and in product and feature design; this information is stored in a way that is not associated with a particular user. In the future, avast! Account information may be exchanged using this procedure.
When you use our services or request support.
We may at times collect personally identifiable information from you in the course of providing our services or support. This information may be collected from you verbally, from your computer, or via electronic communication (including communications between your computer and us, or other automated communications). If you request support we may offer you the option of accepting a remote session in which we take control of your device or computer; in such a case we may acquire information via communication between your computer and ours.
This information is collected to help us provide the service or support that you have requested.
IV. Special Types of Personal Information
In general, human resources (HR) data is handled in a manner consistent with this policy. However, such data is never used or shared with anybody for direct marketing purposes, and the provisions of this policy relating to in-product messaging and product downloads do not apply (except in the case where an employee uses our products in his or her personal capacity, in which case the employee's information is subject to the same policies as any other user). In addition, HR data may be subject to different retention requirements than the data of our users; we store and maintain data in compliance with local law governing employment information. In the case of employees who have children we may collect and store the names of the children, their personal IDs and birthdates, copies of their birth certificates, scholastic status, and other information that relates to the taxation status of the employees. The purpose of collecting this information is to calculate the employees' tax rates and to otherwise comply with the law.
We never collect "sensitive" personal data such as sexual preference, religion, political views, or health. We do not wish to receive any such data and will not request it from you.
Data on children.
Persons under the age of 18 should not transfer personal information to us unless they have the consent of their parent(s) or guardian(s). Except for children of Avast employees, we do not knowingly collect, nor do we want to receive, personal information about individuals who are under 13 years of age.
V. Storage, Retention, and Deletion of Personal Information
Storage of information.
Information that we collect is stored on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. Personally identifiable information on our servers is only accessible from our physical premises, or via an encrypted virtual private network (VPN). Access is limited to authorized personnel only, and company networks are password protected, and subject to additional policies and procedures for security.
Data collected by avast! BackUp is transmitted in encrypted format using SSL technology, and stored under minimum 256-bit key encryption. Information collected by avast! CreditAlert is transmitted using SSL technology, and very private information such as financial data is stored under rotating 256-bit key encryption. Data transmitted using avast! SecureLine VPN service is also encrypted. In all cases data is transmitted to and from our servers using https protocol. In some cases this information may be transmitted to or stored within the European Union (“EU”), and in other cases the information may be transmitted to or stored at a location outside the territory of EU member states, such as the United States or other non-EU locations.
Access by our contractors.
Maintenance of personally identifiable information is performed either by us or by contractors who we hire, or by our subsidiaries, affiliates, representatives, agents, or resellers who are working on our behalf. All such third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information. All have agreed not to share personal information of our users with other parties, and not to use such personal information for their own direct marketing purposes.
Disclosure to third parties.
There may be limited circumstances in which we are required to disclose your personally identifiable information to unrelated third parties.
Deletion of personal information.
In general, our policy is to keep personal information for no longer than reasonably necessary in light of the purpose for which the information was collected, plus any additional period that is permitted or required by law thereafter. Following the expiration of the purpose for which we collected personal information plus any additional period that is permitted or required by law, we will either delete or de-identify the information from our systems.
We strive to delete or de-identify inactive data as soon as is reasonably possible after the above time periods have passed. We attempt to take this action every 90 days unless we have a specific reason to delete data sooner — for example, if you contact us to request that your information be removed from our system. In the case of avast! Forum, Support Portal, or Avast news and blogs, your account is kept active until you delete it, but we reserve the right to remove you from our database and delete your credentials if you have not been active for an extended period of time.
VI. Information Security
Safeguards for protection of personal information.
We maintain administrative, technical, and physical safeguards for the protection of personal information. These safeguards include the following:
Deletion of personal information.
By retaining personal information no longer than is reasonably necessary for the function for which we originally collected it, we effectively reduce the quantity of personal information that is in our possession at any given time. This, in turn, helps reduce the degree of risk associated with our maintenance and storage of personal information on the whole: the less data we store, and the shorter time we keep it, the smaller the risk of overall harm in the event a breach.
We also strive to collect no more personal information from users than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
Notification in the event of breach.
In the unlikely event of a breach in the security of personal data, we will notify all users who are actually or potentially affected. The method of notice may be tailored to suit the facts of a particular case — for example, if the only contact information that we have for a particular user is an email address, then the notification will necessarily be by email. We may elect to give notice via the in-product messaging system described above. In an unusual case — for example, if we believe there are users for which we have no contact information on file — we may give notice via publication on our company website. In any case we reserve the right to delay notification is we are asked to do so by law enforcement or other authorities, or if we believe that giving notice immediately will increase the risk of harm to our user body overall.
VII. Compliance with Laws and Dispute Resolution
Residents of Czech Republic.
You have the right to access your personal data, the right to correct such data, and other rights in accordance with Section 21 of the Act No. 101/2000 Coll., as amended, Personal Data Protection Act. In particular, you have the right to request explanations regarding processing of your personal data and to require remedies such as blocking, correction, supplementing or liquidation of personal data if the processing is contrary to protection of your private and personal life or in contradiction with law.
Residents of the EU.
For residents of the EU, the handling of personal information is subject to EU Directive 95/46/EC, also known as the EU Privacy Directive, as well as local law. We have registered with the Office for Personal Data Protection of the Czech Republic. Registration with this office governs our collection and handling of information from employees, visitors to our physical premises, and customers. Additional information on the Office for Personal Data Protection is available here: http://www.ceecprivacy.org/main.php or http://www.uoou.cz.
There may be occasions in which we transmit personal data collected from EU residents to a location outside of the EU, including potentially the United States. The personal data may be transmitted to locations that may have less protective personal data protection legislation than the country of your residency. We comply with all conditions required by law for transmission of personal data to such locations.
We are also subject to certain provisions of EU Directive 2002/58/EC (also known as the E-Privacy Directive) governing privacy in various types of electronic communications. Additional information is available here: http://europa.eu/legislation_summaries/information_society/legislative_framework/l24120_en.htm.
Residents of Switzerland.
The collection and handling of personal information of residents of Switzerland are governed by the Swiss Federal Act on Data Protection, also known as the Data Protection Act ("DPA"). There may be cases where personal data is collected from Swiss residents and subsequently transmitted to locations outside of Switzerland, such as the United States. Additional information on the Swiss DPA can be found here: http://www.dataprotection.eu/pmwiki/pmwiki.php?n=Main.CH.
Residents of the United States.
The collection and handling of personal information in the United States is subject to federal legislation, regulation by federal government agencies, and regulation on the state level. The federal agency with primary jurisdiction over our data handling practices is the Federal Trade Commission ("FTC").
Sharing of information among Avast entities in different jurisdictions.
Our data collection and data management practices do not vary by location. We follow the same minimum data security and data privacy procedures with respect to all personal data in our possession, regardless of the jurisdiction from which it was collected, and regardless of whether the data is transferred from one Avast entity to another (for example, from AVAST Software a.s. to AVAST Software, Inc.).
We make every effort to conduct our business in a fair and responsible manner. In the unlikely event of a disagreement or complaint about the way that your personal data is handled, the following procedures will apply.
Special note for residents of California.
Under California Civil Code § 1798.83, we are required to disclose to consumers the following information upon written request: (1) the categories of personal information that we have disclosed to third parties within the prior year, if that information was subsequently used for marketing purposes; and (2) the names and addresses of all such third parties to whom such the personal information was disclosed. We hereby disclose that we have not disclosed any such personal information regarding any California resident during the one-year period prior to the effective date of this Privacy and Information Security Policy. California residents seeking additional information on this requirement or our privacy practices in general may write to us at [email protected] with the headline “PRIVACY REQUEST” in the message line. They may also send paper mail to AVAST Software a.s., Trianon Office Building, BUDEJOVICKA 1518/13a, 140 00, PRAGUE 4 Czech Republic. Please write "Attention: PRIVACY" in the address.
VIII. How to Request Changes to Your Personal Information
You may request information on the way your personally identifiable information is stored. In addition, you may also request changes to the information we have on file for you — this could be the case if you believe that some information we have about you is incorrect, or there is some information about you that has changed (for example, if you no longer use a former email address). To request information or changes regarding your personally identifiable information that we have on file, please email [email protected] with the headline “PRIVACY REQUEST” in the message line. You may also send paper mail to AVAST Software a.s., Trianon Office Building, BUDEJOVICKA 1518/13A, 140 00, PRAGUE 4, Czech Republic. Please write "Attention: PRIVACY" in the address.