I. Scope of Policy
This AVAST Privacy and Information Security Policy applies to AVAST Software s.r.o.. ("Avast"), and all of its contractors, representatives, agents, and resellers while they are working on behalf of Avast (collectively “we” or “us”). AVAST Software s.r.o. is a data controller of personal data processed in accordance with this policy. This policy applies to the following situations and activities that we engage in:
This means situations in which you or the users of your device or computer (collectively “you”) visit a website that we own or operate including www.avast.com, or other websites under our direct control. This also includes circumstances where you download an Avast product or program or use an Avast service online, regardless of the site where you downloaded or use it, or who owns or operates that site. It also refers to interactions between your computer and us such as automatic updates, and our Avast Online Security, Avast FileRep, Avast ApkRep and Avast CommunityIQ features.
This includes calls for sales, service, or customer support. This policy will apply to any information that is collected from you when you call us.
Sometimes we may appear at a "live" or in-person event such as a trade show or promotion. If we collect any personally identifiable information in such a case, this policy will apply.
This refers to information that is collected from prospective Avast resellers at the time they apply to join the Avast reseller program. Certain information may be collected regarding the reseller or its individual representative(s), including contact information such as telephone number and email address. Similar information may be obtained regarding sub-resellers, where applicable.
Other circumstances where you contact us.
This includes contact by email, by clicking the "report a virus" link on our website, through our media contact or news subscription services, by requesting online service or support or opening a support ticket, and any other time that you contact us.
When we refer to "personally identifiable information," "personal data," or "personal information," we mean information that can identify you such as name, identification number, email address, phone number, or other information that refers specifically to you. We generally do not mean information that only refers to a business or organization but does not describe any specific individual. We also generally do not mean information that has been "anonymized," or stripped of all identifiers that refer to you specifically.
II. Information We Collect When You Visit Our Website
Use of "cookies" and other similar technologies.
- Google Analytics, Adobe SiteCatalyst and Firebase Analytics: In addition to the foregoing, we currently use three analytics tools: Google Analytics, Adobe SiteCatalyst and Firebase Analytics.
Google Analytics and Adobe SiteCatalyst help us understand the use of our site by our visitors. Because Google Analytics and Adobe SiteCatalyst require cookies to function, users who wish to avoid tracking by Google Analytics and Adobe SiteCatalyst while on our site can disable cookies on their web browsing software (see above).
Firebase Analytics is a mobile analytics services also provided by Google and governed by the Firebase Analytics terms of service. This service helps Avast understand our users and how they use Avast's apps including information about interactions with the user's mobile applications. Firebase Analytics uses identifiers for advertising on mobile applications (for example, Android Advertising ID and Advertising Identifier for iOS), and we will collect the AAID and AIiOS to understand our users, but users who wish to opt-out of the AAID and AIiOS advertisement tracking can do so through device advertising settings for mobile apps and Users who wish to avoid tracking by Firebase Analytics can opt-out in application settings. Data collected will be transmitted to and stored by Google on servers globally.
Crash Reporting: We currently use two Crash Reporting services on our mobile applications: Firebase Crash Reporting provided by Google and Fabric Crashlytics provided by Twitter, Inc. To enhance your user experience and to improve the stability of mobile applications, Avast uses Crash Reporting services to collect information about the devices that you use and your use of our applications (for example the timestamp of when you launched the application and when the crash occurred) which enables us to diagnose and resolve problems. If you do however wish to opt-out of this data collection via Firebase Crash Reporting and Fabric Crashlytics, you can do so via the application settings in our mobile applications. The data collected will be transmitted to and stored by Google (Firebase Crash Reporting) and by Twitter (Fabric Crashlytics) on servers globally.
Our website offers news and information by subscription including newsletters, blogs, or others. If you decide to subscribe to these services you may be asked to provide your first and last name, email address, and country of residence. If you subscribe to our "Reports and Bloggers" email newsletter (for media professionals), you will be asked to provide your first and last name, email address, title, publication name, and country. The information you provide will be used to deliver the content that you request. We will never use this information for direct marketing purposes unless you agree on a case-by-case basis (also known as "opting in"). We may use the information you provide to help develop content that is relevant to our professional media audiences. You are free to cancel your subscription(s) at any time by visiting www.avast.com/news-subscription.php?page=unsubscribe.
"Refer a friend."
There may be times when we post a "refer a friend" link that allows a site visitor to request that we send a message to a friend about an Avast product or service. You may request us to send a message only to those of your friends who have agreed to receive a message about an Avast product or service from us. We will respond by sending a single email message to the address provided. Contact with the friend will be by email only; we will never request that our users provide a friend's phone number or other contact information. We will not make any record of the email address that is provided, and after sending a single message we will not contact the friend again in response to the "refer a friend" request.
There are many opportunities to contact us via our website. There are links that allow you to reach us by email, by clicking a "report a virus" link, by clicking our media contact or news subscription buttons, or by requesting online service or support. In addition, U.S. users may be able to request a free in-person presentation with Avast security experts using a form on our "Community" pages. In general, the amount of information that we collect when you contact us will be in proportion to the nature of the contact. For example, if you contact us by email, we will require your email address in order to reply.
One of the features of our website is the "Community" section. This section includes a comments area, links to user pages, links to blogs, links to the Avast Forum, and links to third-party sites such as Twitter and Facebook. When you use any of the features of our "Community" section the following provisions will apply:
- User comments: You may post a general comment in the "Overview" section of the "Community" pages using your Facebook, Yahoo!, Hotmail, or AOL user ID. In such a case, the user ID that appears beside your comment will be the user ID for the service that you have selected (Facebook, etc.). If you have a primary photo connected with your user ID, that photo will appear beside your user comment. Clicking on a thumbnail or profile link from our "Community" pages will take you to the third-party site from which the thumbnail or link was imported (for example, Facebook). Your use of a user ID from a third-party site is governed by the terms and conditions of the third party, but must also comply with our terms and conditions. The section below entitled "Third-party content and sites" will apply.
- Sweepstakes and promotions: We may sometimes offer sweepstakes, giveaways, or other promotions from the "Community" pages. In that case, we will use the information we receive for purposes of the promotion and no other purpose. We will never use your information for direct marketing purposes unless you "opt in" on a case-by-case basis. All other terms and conditions applicable to the promotion will be in the official rules that we publish.
The Avast Forum is accessible from the "Community" pages or "Support" section of our website. Certain features require registration in order to participate.
- If you decide to register, you will be asked to select a username, password, and physical location. Disclosing your physical location is optional. You will also be required to provide an email address for use in connection with Avast Forum. You may allow other users to send you messages if you wish.
- Once registered for Avast Forum you may control your privacy settings by visiting your "Profile" page. You can modify your settings at any time. You can also view your past posts, usage stats, password settings, and user profile as seen by others. You have the option to provide additional information if you wish. You may provide personal text; disclose your birth date and age; identify your gender, ICQ number, messenger username, or website name and address; disclose your physical location; and select an avatar or personalized picture. Any information you provide here will be visible to other users. The following minimum items of information will be available to all users, regardless of your profile settings: your username, your total number of posts and posts per day, the date and time you registered, your local time, and the date and time of your last activity.
You may also join the Support Portal at support.avast.com. Certain features require registration in order to participate. Registration for the Support Portal is separate from registration for Avast Forum. When you register for the Support Portal you will be asked to provide your full name and email address, and select a password. No other information is required to register. This information is not shared with other users.
Avast Account (my.avast.com) is a tool which permits you to register multiple products using a single registration and authentication system. If you choose to use Avast Account you will be asked to provide your first name, last name, and email address. You will also be asked to select a password. We may use this information for purposes of validating your license, providing support, delivering additional products and services, and enabling you to change your Avast Account and/or product settings.
Third-party content and sites.
There may be times when we offer links to third-party sites such as Twitter, Facebook, or others.
- Occasionally thumbnails and user profiles (including your primary photo) from these sites will be imported onto our "Community" pages, as is the case if you post a comment that is linked to your Facebook profile. Clicking on such a thumbnail or profile link will take you away from the Avast website to a third-party site (for example, Facebook). By connecting from our website to any third-party site, you agree that we are not responsible for any loss or damage you may suffer as a result of your dealings with the third party, or your use of or reliance on any of that party's content.
III. Information We Collect When You Download or Use our Programs, Request Service or Support, or Pay for Products and Services
Free product downloads generally.
You are not required to disclose any personal information in order to download Avast Free Antivirus, Avast Free Mac Security, or Avast Free Mobile Security, and you are permitted to use these programs up to 30 days without registration. Within 30 days, you are required to register your copy of Avast Free Antivirus, Avast Free Mac Security, or Avast Free Mobile Security in order to continue using these programs for up to 12 months. After 12 months re-registration is required. The first time you set up the program you will be required to select a language, and you will be asked if you want to participate in the Avast Community by enabling your computer to provide security-related information on an as-needed basis. Participation in Avast Community is purely voluntary.
- Online product registration: To register our products online, you are generally required to provide your email address and select a password. We use this information to validate our users and verify the number of current licenses in existence. We may also use it to verify that copies of our product are legitimate, and not counterfeit. We will not use this information for direct marketing purposes unless you "opt in" to receive such communications from us, except that we may notify you of similar products or services that we offer to the extent that we are permitted to do so by law. We may send you an email if your license expires to ask if you want to renew. We may also request additional information such as your name, demographic information, or other information. This information generally is not required, but you may provide it if you wish.
- In-product registration: If you prefer, instead of online registration you may select "Registration form" from within the product interface. The registration form will request your email address and ask you to select a password. We may also ask general demographic questions such as your level of computer experience or your prior antivirus program. Any information other than your email address and password is optional.
- Avast Account: In some cases, you may be permitted to register multiple Avast products using a single registration and authentication system called Avast Account. If you choose to use Avast Account you will be asked to provide your first name, last name, and email address. You will also be asked to select a password. We may use this information for purposes of validating your license, providing support, delivering additional products and services, and enabling you to change your Avast Account and/or product settings. In the future this information may also be connected with your registration for Avast Forum and the Support Portal.
- Registration and log-in via Facebook: In addition to the foregoing, it is possible to register Avast Free Antivirus and to sign in to Avast Account via Facebook. If you choose this method for registration and sign-in, you will be asked to share certain information from your Facebook account with Avast. This information will include your first and last name, your profile picture, your gender, your network(s), your friends’ user IDs, and any other information that you made public in your Facebook preferences. You will also be required to share your email address with us. Of the foregoing information, we store only your first and last name, network(s), and email address. We do not store any other user information that we obtain from Facebook. Any of the above information that we store is kept in our internal database, using SSL technology and under minimum 256-bit key encryption. We do not allow access to any of this information to third parties.
If you choose Facebook as your registration or sign-in method, you will be asked for permission for Avast to take certain actions on your behalf. Specifically, we will request permission to post on your behalf in the following cases: (1) you register or install an Avast product; (2) you update an Avast program; or (3) an Avast program protects you from visiting an infected website. The messages that might be posted in such cases could include the following, or similar messages:
(1) “Avast Antivirus just saved my computer from infection! Try it now. It’s free.”
(2) “My Avast Antivirus just updated, with powerful new security features. Download it for FREE. You’ll love it.”
(3) “I just installed Avast Antivirus for free. I really like it. If you want the best protection, download Avast like I did.”
You are not required to agree to allow Avast to post on your behalf. If you do not wish to allow Avast to post these messages, click “Skip” at this stage in the registration process. You can modify your posting preferences at any time via my Avast Account (https://my.avast.com/en-us/facebook).
Data collected by specific products.
Some of our product offerings are required to collect additional information in order to deliver full product functionality, such as information about websites that you have visited and files on your computers. In general, we collect no more information than is required in order to provide full functionality of these products. Specific products, and the types of information that they collect when you use them, are as follows:
Avast Free Antivirus, Avast Pro Antivirus, Avast Internet Security, Avast Free Mac Security, Avast Pro Antivirus for Mac, Avast Endpoint Protection, Avast Endpoint Protection Suite, Avast Endpoint Protection Plus, and Avast Endpoint Protection Suite Plus include the following features or collect the following types of information:
(1) Avast CommunityIQ: Avast CommunityIQ is a community-based service that provides Avast security experts with data taken from the actual web browsing experiences of Avast product users. Participation is voluntary. Data acquired by Avast CommunityIQ is used to update our databases of viruses and infected websites, and for other statistical purposes, and may include:
- URLs of visited websites, together with the information on the nature of identified threats (e.g., viruses, Trojans, tracking cookies, and any other forms of malware) and URLs of several sites visited before the infection was identified. This information is collected to ascertain the source of the infection.
- Information and files (including executable files) on your computer identified by the Avast software as potentially infected, together with the information about the nature of identified threats.
- Information about the sender (not including personal information) and subject of emails identified by the Avast software as potentially infected, together with the information on the nature of identified threats.
- Additional statistical information about threats detected by the Avast software.
(2) Avast FileRep: Avast FileRep is a database of executable files sourced from users who agree to participate in the service. The files (or their hashes — i.e., de-identified versions of the files) are stored and evaluated for the purpose of determining which are infectious and updating virus databases. Participation in Avast FileRep is voluntary, and data is not stored in a way that permits it to be associated with particular users. No user is required to agree to participate in the Avast FileRep service, however by doing so, you actively help yourself and others to experience a higher standard of security. If you do not want to participate, you can easily opt-out by un-ticking the box ‘Enable reputation services’ in the general settings menu.
(3) Avast Online Security: Avast Online Security is a browser plug-in which collects opinion information provided by users, and provides a reputation rating in the form of a visual icon that appears next to websites that appear in search results. The reputation rating is based on the votes of Avast Online Security participants. Participation is voluntary. If the Avast Online Security function is active, the Avast software may send Avast the URLs of websites you visit and the results of your web searches through search engines.
(4) Avast Antispam: Avast Antispam is a module that is designed to protect users against unwanted emails (spam). The software may collect Information contained in emails reported by you as spam or as incorrectly identified as spam by the software.
(5) Update Statistics: In order to better understand the usage of updating infrastructure, the software also collects information about all updates to the Avast software (including automatic updates), including certain information about your computer hardware and software configuration and/or network connection, as well as certain information about the installation and operation of the Avast software and errors or problems that are encountered.
(6) Offering of our mobile products: When you download or update our product, we may use information contained in third party cookies on your computer, such as information about the operating system on your mobile devices and related email address. We will use this information only for the purpose of offering you our mobile products such as Avast Free Mobile Security and, in case you agree, installing them on your device(s). Then we will maintain this information only for statistical purposes.
- Avast Free Mobile Security: Avast Free Mobile Security for Android is a security application for devices running Android. The AMS application scans your device, the Wi-Fi you are connected to and your Android operating system for infected files, unwanted privacy phishing, malware, spyware and even security issues in wireless networks. For this purpose, we collect information from your device and Android OS, including crash data, current language/country code, anonymous identification of Avast user, and identified threats or visited URLs. We do not collect your personally identifiable information as part of the AMS scanning. As a part of our Wi-Fi Security functionality we collect technical information about the hotspot you are connected to including hotspot location. As a part of our Call blocker functionality, we collect call logs including GUIDs and telephone numbers blacklisted by the end user. You can opt-out from the Wi-Fi location collection and calls logs collection in app Settings. Finally, as with other Avast programs, we may collect your email and IP address when purchasing the AMS in an app store. SMS Shield is an optional security feature that alerts you when you receive malicious links received by text message. When you receive any URL through Short Messaging Service, we send that URL to our server. If the URL is a known threat, we display an alert warning you not to open the link received. We don't collect any content of the message except the URL or any other information related to the message, to its sender or to you. SMS Shield is turned off by default but it is shown as a security risk by the AMS application until you turn it on or tap Ignore beside the warning. You can switch the feature on and off any time under Settings > Protection > SMS Shield. URLs sent to our server are not stored in connection with a user ID so we have no way of knowing which URLs were received by which users. We may pass anonymized URL distribution data to third parties. You can opt out of this sharing in Settings > Data settings > Data sharing. AppInfo is a feature which enables us to build a database of Android apps sourced by users of our mobile applications. This feature collects information about all apps on your device, including installs, uninstalls, updates, usage and resource consumption. We use this information to identify abnormal behavior and provide features and promotions that are relevant to you. You can opt out from this feature by switching off AppInfo in the Data settings.
- Avast AntiTheft: Avast AntiTheft for Android provides certain remote access and control functions designed to protect data residing on your mobile phone in the event of theft. In order for these functions to operate, our program must collect and store information about your phone and approved users. The types of data we collect includes the following, without limitation: (a) a list of approved SIM cards, (b) a phone number to notify you in the event of unauthorized SIM card replacement, and (c) a number where calls and messages can be forwarded in the event of theft.
- Avast SecureLine: When you use the Avast SecureLine virtual private network (VPN) service, the server may capture certain basic data such as the time and network location from which the VPN connection was made and the duration of the VPN connection. This information is routinely deleted within 30 days. In addition, the system may store data on the bandwidth transferred per session.
- Avast Passwords: Avast Passwords is a standalone program or feature that stores user passwords and notes under a single master password and permits the user to log on to multiple sites using a unitary sign-on credential. On Windows, Avast Passwords forms an integral part of Avast Antivirus (Avast Free Antivirus, Avast Pro Antivirus, Avast Internet Security, Avast Endpoint Protection, Avast Endpoint Protection Suite, Avast Endpoint Protection Plus, and Avast Endpoint Protection Suite Plus), which can be activated by the user by either performing a smart scan or by opening the feature in the product menu. On other platforms (Android, iOS and Mac) Avast Passwords is a standalone program. When activated, Avast Passwords will check whether you have stored any passwords via your browser and will suggest you to move these passwords to Avast Passwords, where they are stored securely. When you choose do so, Avast Passwords will upload those passwords and remove them from your browser. Please note that the browser check happens locally on your device and no passwords are sent to the Avast servers. User passwords are stored locally on your devices encrypted by the Avast Passwords application. If you choose to activate the optional feature "Synchronisation & Backup", your passwords and notes will be backed up on a remote server in securely encrypted form, which cannot be decrypted by us.
Avast Call Blocker has no access to any of the incoming phone calls, phone numbers or contact lists on your iOS device. Blocking of SPAM calls is managed by iOS operating system itself by comparing incoming phone calls’ numbers with the SPAM database created by Avast’s algorithm.
- CleanUp: CleanUp is offered as a bootable Linux-based and as a Windows program. It removes tough malware. In order to use it, the following information must be stored: (a) your name, surname, email address, password hash, originating IP address, display name and number of scanned systems; (b) scanned systems history including data about operating system, hostnames and usernames of the systems, patch level, system health, hardware information (including CPU), graphics card information, hard drive information, system hard drive boot sectors, system's hard drive volume headers; (c) system data information- list of computer software installed, directory listing of software, registry name and entries, registry hives and executables; (d) wifi connection security information, i.e. the used level of the connection's encryption.
- Avast Wi-Fi Finder: Avast Wi-Fi Finder for iOS and Android provides information about free hotspots with Internet. It is based on crowdsourced data, meaning that every user willingly contributes to the database. We pair the hotspot name you mark as public with the location of your device in order to show it on the map to other users. For this purpose, we collect and share with other Avast Wi-Fi Finder users: a) location of the device when you use “submit a hotspot“, b) names of hotspots you submit to the database, c) some technical information about the network (speed, signal strength, security assessment, frequency and mac address, IP address of the device, d) avast user identifier and hardware identifier and e) hotspot passwords.
- Avast Battery Saver: Avast Battery Saver is an application aimed to help its users to identify what's running in the background, speed up their device, and save the battery of the device. In order to improve the product, Avast collects names of the applications of the device stopped by the user.
- Avast ApkRep: Avast ApkRep is a feature which enables us to build a database of Android apps sourced by users of Avast Mobile Security. The feature stores hashes of application files together with a random number (GUID) which is generated the first time that you use Avast Mobile Security, as well as metadata about the applications (e.g. application package name, application signing certificate information, source market identifier and file size). These data are analyzed to find infectious applications and to update our virus databases, which is necessary to continuously improve Avast Mobile Security in order to keep you secure.
- Avast Browser: In the default setting, the Avast Browser will process:
- Your IP Address
- a unique number assigned to your installation of the Browser
- usage data and
- browser extensions
Avast uses the data to provide the Browser’s functionality, to monitor performance and to improve the browser. Avast does not store your IP Address after thirty days. You can access and manage key privacy features from the Avast Browser’s settings:
- Security & Privacy Center - The built in Security & Privacy Center is a curated collection of some key security and privacy features, tools and settings, organized into one management console making it easier for you to control and manage your online privacy and security.
- Anti-Phishing - Blocks malicious websites and downloads to help prevent your PC from becoming infected with viruses, spyware, and ransomware.
- Privacy Cleaner - Cleans your browser history, cached images, cookies including both first-party and third-party cookies, and other junk with just one click, to keep your activity private and free up disk space.
- Stealth Mode - Prevents your browsing history from being stored and removes any tracking cookies (i.e. both first-party cookies and third-party cookies) or web cache you pick up during that browsing session.
In addition to the above, in the default settings, the Avast Browser will process the following data locally on your machine:
- your browsing history
- personal information and passwords
- a list of permissions
- thumbnail-sized screenshots of websites that you visit
- cookies or data from websites you visit
- data saved by browser extensions and add-ons
- data on what you downloaded from websites
- data imported from other browsers and
You can manage the data stored locally on your machine in the Avast Browser settings. Data stored locally on your machine is not collected by Avast's servers. You can manage this information in several ways:
- You can delete your browsing history, cookies and site data by visiting the Security & Privacy Center and using the ‘Privacy Cleaner’ tool.
- You can stop Avast Secure Browser from accepting cookies from publisher websites by ensuring that ‘Anti-Tracking’ is turned on from within the Security & Privacy Center. In addition, you can modify the cookie setting policy under the Avast Secure Browser Settings, go to Settings/Advanced settings/Security & privacy/Content settings
- You can review stored passwords using the Avast Secure Browser default password manager in Avast Secure Browser Settings, go to Settings/Advanced settings/Passwords and forms/Manage passwords
- You can view and manage your stored Autofill information in Avast Secure Browser Settings, go to Settings/Advanced settings/Passwords and forms/Autofill settings
- Family Shield. Family Shield is a location-based mobile phone application service. The master user installs the application on his/her device and then also on the device of a connected user, for example a child or parent. The application collects users’ telephone numbers, location of mobile device, location-based information, website domains, and app usage history, to provide the requested service. One of its features is for the master user to know where a connected user is (for example, using the application, a mother or father can connect their device with the device of a child or parent and then see where their child or parent is located). Another feature allows the master to set parameters that will block or permit specific websites, and/or applications from running on or from being collected from the connected user's device. This application also provides the master user with the battery level of the connected user's device. Login is managed using Facebook login, but we use the Facebook login information only for authentication. We do not collect any information regarding your Facebook account beyond this authentication. Except for children of Avast employees, or as part of a product feature described in this policy such as Family Shield, we do not knowingly collect, nor do we want to receive, personal information about individuals who are under 13 years of age.
- Other products: There may be other products (current or future) that require that we collect certain types of personal information in order to enable full product functionality. We will always inform you prior to collecting any such information, usually in the terms of service or end user license agreement (EULA) applicable to the product in question.
We reserve the right to store and use the information collected by the Avast software and to share such information within the Avast Group in order to improve the Avast Group’s current and future products and services, to help the Avast Group develop new products and services, and to better understand the behavior of Avast users. We may publish or share that information with third parties that are not part of the Avast Group, but we will only ever do so after removing our users’ personally identifiable information. Any reference in this policy to “Avast Group” means Avast, its parent companies and any company that is controlled by or under common control with Avast or its parent companies.
We sometimes communicate with our users using a technique known as "in-product messaging." In-product messaging may be used in the following scenarios: (1) when a user's license is about to expire; (2) when a user chooses to update or upgrade an Avast program; (3) when a virus database is updated; (4) when a user visits an infected webpage; (5) when a monthly security report is prepared for the user; or (6) in other cases where user communication is necessary. We may also sometimes use in-product messaging to notify users of new products or upgrades to existing products and services. The Avast program on the user's machine initiates a secured request to the Avast server using https protocol. The Avast server takes the appropriate action and sends a return message to the Avast program, which displays a corresponding message to the user (for example, a message that the virus database has been updated). Personal information is generally not exchanged using this process except to the extent necessary to perform a transaction. In-product messaging also permits the computers or devices of our users to transmit information to our servers including technical data, virus definitions, security, and technical information about the users' hardware. This information is used for statistical purposes, product updates, quality control, and in product and feature design; this information is stored in a way that is not associated with a particular user. In the future, Avast Account information may be exchanged using this procedure.
When you use our services or request support.
We may at times collect personally identifiable information from you in the course of providing our services or support. This information may be collected from you verbally, from your computer, or via electronic communication (including communications between your computer and us, or other automated communications). If you request support we may offer you the option of accepting a remote session in which we take control of your device or computer; in such a case we may acquire information via communication between your computer and ours.
This information is collected to help us provide the service or support that you have requested.
- We may at times request personal information such as name, home or work address, email address, telephone or mobile phone number(s), or other information by which we may identify you. This information is collected for identification purposes, and to confirm that transactions with you are legitimate and not with an imposter. We will not use this information for direct marketing purposes unless you "opt in" to receive such communications, except that we may notify you of similar products or services that we offer to the extent that we are permitted to do so by law. If you contact us for support, or initiate a transaction with us, we may suggest that you upgrade or update products or services. We may also contact you if your product license has expired or is about to expire.
- In cases where you request individual support or assistance we may also ask you to provide information about your device or computer, your means of accessing the Internet, or your Internet service provider. This information may include, without limitation, your email address, IP address, information about your hardware and software, the URLs of sites you have visited, files stored on your computer (including potentially dangerous or infected files), email messages (whether stored on your computer or elsewhere), information regarding senders and receivers of email messages, and the like. This information is collected to help us to provide services and support, to identify and remove computer viruses, and to help us solve your technology problem(s). For purposes of this section we will use any such information only when providing individual support or assistance at your request, and will not retain such information any longer than necessary for this purpose. This information will not be stored in a way that identifies you personally in any record that we keep of your request for assistance.
- The service provider may request billing information such as your name, home or work address, email address, telephone or mobile phone number(s), plus payment information including credit card number, expiration date, name of your issuing bank, and the like. The purpose of this information is to enable payment for products or services that you order. The third-party service provider may transmit some of your personal information to us, but not including payment information, unless you specifically agree (as may be the case in the event of a purchase with auto-renewal). We may use the information we receive (not including payment information) to verify your registration or license status, to contact you about the status of your account, or for renewal of your subscription, if applicable.
- In all cases where your payment data is processed by a third-party service provider, we have determined that the service provider follows data privacy and security procedures that we deem adequate. Some of these third-party service providers are subject to the enhanced data privacy rules of the European Union. Others have registered for, and certified compliance with, the so-called "Safe Harbor" framework of the U.S. Department of Commerce for the handling of personal information. In all cases, such third-party service providers have executed agreements with us promising not to use personal information of our users for their own marketing purposes, and not to share this information with other parties.
IV. Special Types of Personal Information
We never collect "sensitive" personal data such as sexual preference, religion, political views, or health. We do not wish to receive any such data and will not request it from you.
Data on children.
Persons under the age of 18 should not transfer personal information to us unless they have the consent of their parent(s) or guardian(s). Except for children of Avast employees, we do not knowingly collect, nor do we want to receive, personal information about individuals who are under 13 years of age.
V. Storage, Retention, and Deletion of Personal Information
Storage of information.
Information that we collect is stored on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. Personally identifiable information on our servers is only accessible from our physical premises, or via an encrypted virtual private network (VPN). Access is limited to authorized personnel only, and company networks are password protected, and subject to additional policies and procedures for security.
Data collected by Avast BackUp is transmitted in encrypted format using SSL technology, and stored under minimum 256-bit key encryption. Information collected by Avast CreditAlert is transmitted using SSL technology, and very private information such as financial data is stored under rotating 256-bit key encryption. Data transmitted using Avast SecureLine VPN service is also encrypted. In all cases data is transmitted to and from our servers using https protocol. In some cases this information may be transmitted to or stored within the European Union (“EU”), and in other cases the information may be transmitted to or stored at a location outside the territory of EU member states, such as the United States or other non-EU locations.
Access by our contractors.
Maintenance of personally identifiable information is performed either by us or by contractors who we hire, or by our subsidiaries, affiliates, representatives, agents, or resellers who are working on our behalf. All such third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information. All have agreed not to share personal information of our users with other parties, and not to use such personal information for their own direct marketing purposes.
Third Party Advertisements.
Disclosure to third parties.
There may be limited circumstances in which we are required to disclose your personally identifiable information to unrelated third parties.
- There may be a few other limited cases in which we might share our users' personal information with third parties. For example, if you request a specific service or product from us, and if that product or service is administered by a third party who is working for us, we may share your personal information with the third party in order to respond to your request. The third party who is working for us may also transmit back to us any new information obtained from you in connection with providing the service or product.
Deletion of personal information.
In general, our policy is to keep personal information for no longer than reasonably necessary in light of the purpose for which the information was collected, plus any additional period that is permitted or required by law thereafter. Following the expiration of the purpose for which we collected personal information plus any additional period that is permitted or required by law, we will either delete or de-identify the information from our systems.
- If you subscribe to a recurring newsletter, we will keep the information in order to fulfill your subscription request until you cancel your subscription.
- For products that are registered on a periodic basis (for example, a one-year license), we will keep your personal information for the duration of your product registration, and longer if you renew your license.
- If you purchase a "premium" or paid service, we or our third-party service providers will retain payment information for as long as is necessary to complete payment, plus any period of time thereafter that is required or permitted by law.
- If you participate in a giveaway or promotion that we offer, we will retain your data long enough to administer the promotion, plus any additional time that is permitted or required by law.
We strive to delete or de-identify inactive data as soon as is reasonably possible after the above time periods have passed. We attempt to take this action every 90 days unless we have a specific reason to delete data sooner — for example, if you contact us to request that your information be removed from our system. In the case of Avast Forum, Support Portal, or Avast news and blogs, your account is kept active until you delete it, but we reserve the right to remove you from our database and delete your credentials if you have not been active for an extended period of time.
VI. Information Security
Safeguards for protection of personal information.
We maintain administrative, technical, and physical safeguards for the protection of personal information. These safeguards include the following:
- Administrative safeguards: Access to our personal data of users is limited to authorized personnel who have a legitimate need to know based on their job descriptions — for example, employees who provide technical support to end users, or who service user accounts. All such data is subject to password protection. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. Where an individual employee no longer requires access, that individual's credentials are revoked.
- Technical safeguards: Personal information of users that is stored in our database using the protections described above in the section entitled "Storage of information." In addition, we utilize up-to-date firewall protection for an additional layer of security. We utilize high-quality antivirus and anti-malware software, and regularly update virus definitions. Third parties who we hire to provide services and have access to our users' data agree to implement privacy and security practices that we deem adequate.
- Physical safeguards: Access to user information in our database by Internet is not permitted except using an encrypted virtual private network (VPN). Otherwise access is limited to our physical premises; removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.
Deletion of personal information.
By retaining personal information no longer than is reasonably necessary for the function for which we originally collected it, we effectively reduce the quantity of personal information that is in our possession at any given time. This, in turn, helps reduce the degree of risk associated with our maintenance and storage of personal information on the whole: the less data we store, and the shorter time we keep it, the smaller the risk of overall harm in the event a breach.
We also strive to collect no more personal information from users than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
Notification in the event of breach.
In the unlikely event of a breach in the security of personal data, we will notify all users who are actually or potentially affected. The method of notice may be tailored to suit the facts of a particular case — for example, if the only contact information that we have for a particular user is an email address, then the notification will necessarily be by email. We may elect to give notice via the in-product messaging system described above. In an unusual case — for example, if we believe there are users for which we have no contact information on file — we may give notice via publication on our company website. In any case we reserve the right to delay notification is we are asked to do so by law enforcement or other authorities, or if we believe that giving notice immediately will increase the risk of harm to our user body overall.
VII. Compliance with Laws and Dispute Resolution
Residents of Czech Republic.
You have the right to access your personal data, the right to correct such data, and other rights in accordance with Section 21 of the Act No. 101/2000 Coll., as amended, Personal Data Protection Act. In particular, you have the right to request explanations regarding processing of your personal data and to require remedies such as blocking, correction, supplementing or liquidation of personal data if the processing is contrary to protection of your private and personal life or in contradiction with law.
Residents of the EU.
For residents of the EU, the handling of personal information is subject to EU Directive 95/46/EC, also known as the EU Privacy Directive, as well as local law. We have registered with the Office for Personal Data Protection of the Czech Republic. Registration with this office governs our collection and handling of information from employees, visitors to our physical premises, and customers. Additional information on the Office for Personal Data Protection is available here: http://www.ceecprivacy.org/main.php or http://www.uoou.cz.
There may be occasions in which we transmit personal data collected from EU residents to a location outside of the EU, including potentially the United States. The personal data may be transmitted to locations that may have less protective personal data protection legislation than the country of your residency. We comply with all conditions required by law for transmission of personal data to such locations.
We are also subject to certain provisions of EU Directive 2002/58/EC (also known as the E-Privacy Directive) governing privacy in various types of electronic communications. Additional information is available here: http://europa.eu/legislation_summaries/information_society/legislative_framework/l24120_en.htm.
Residents of the Russian Federation
We collect and process personal data on the territory of the Russian Federation in strict compliance with the applicable laws of the Russian Federation.
We collect and process personal data (including sharing it with third parties) only upon the consent of the respective individuals, unless otherwise is provided for by the laws of the Russian Federation. You will be asked to grant your consent by ticking the respective box / or clicking “I accept” button or through similar mechanism prior to having access to the site, and/or when submitting or sharing the personal data we may request. We collect and use your personal data only in the context of the purposes indicated in the consent to processing of personal data.
We (directly or through third party contractors specifically authorized by us) collect, record, systematize, accumulate, store, actualize (update and amend), extract personal data of the Russian Federation citizens with the use of databases located on the territory of the Russian Federation, except as otherwise permitted by Russian data protection legislation. We may process personal data of Russian citizens using databases located outside of the Russian Federation subject to compliance with Russian data protection legislation.
We undertake all the actions necessary to ensure security of your personal data.
You are legally entitled to receive information related to processing your personal data. To exercise this right, you have to submit a request by e-mail at: firstname.lastname@example.org with the headline “PRIVACY REQUEST” in the message line.
You have the right to revoke the consent at any time by sending us an e-mail at: email@example.com with the headline “PRIVACY REQUEST” in the message line. Once we receive the revocation notice from you we will stop processing and destroy your personal data. However, please note once you have revoked your consent, we may not be able to provide to you the products and services you request, and may not be able to ensure proper work of our products.
We do not transfer your personal data to the countries that under Russian law are not deemed to provide adequate protection to the individuals’ rights in the area of data privacy.
We do not offer, sell or otherwise make available our products or services that have access to, collect and process (or allow us to do the same) personal data of third parties in the Russian Federation without the consent of such third parties.
If any provisions of this Policy contradict the provisions of this section, the provisions of this section shall prevail.
Residents of Switzerland.
The collection and handling of personal information of residents of Switzerland are governed by the Swiss Federal Act on Data Protection, also known as the Data Protection Act ("DPA"). There may be cases where personal data is collected from Swiss residents and subsequently transmitted to locations outside of Switzerland, such as the United States. Additional information on the Swiss DPA can be found here: https://www.edoeb.admin.ch/edoeb/en/home/data-protection/dokumentation/legal-framework.html.
Residents of the United States.
The collection and handling of personal information in the United States is subject to federal legislation, regulation by federal government agencies, and regulation on the state level. The federal agency with primary jurisdiction over our data handling practices is the Federal Trade Commission ("FTC").
Sharing of information among Avast entities in different jurisdictions.
Our data collection and data management practices do not vary by location. We follow the same minimum data security and data privacy procedures with respect to all personal data in our possession, regardless of the jurisdiction from which it was collected, and regardless of whether the data is transferred from one Avast entity to another (for example, from AVAST Software s.r.o. to AVAST Software, Inc.).
We make every effort to conduct our business in a fair and responsible manner. In the unlikely event of a disagreement or complaint about the way that your personal data is handled, the following procedures will apply.
- For all users: informal dispute resolution:
If you have a disagreement with us relating to our handling of your personal information, we ask that you contact us to work it out. We are always happy to hear from you, and we promise to try our best to respond to any concerns you may have.
There are several ways you can reach us:
(1) You can always reach us by email at firstname.lastname@example.org. Please type “PRIVACY REQUEST” in the message line of your email so we can have the appropriate member of the Avast team respond.
(2) If you prefer, you can send paper mail to AVAST Software s.r.o., Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic. Be sure to write "Attention: PRIVACY" in the address so we know where to direct your correspondence.
- For residents of the European Union and Switzerland: If you live in the EU or Switzerland and you have a dispute regarding our handling of your personal data, you may contact the Data Protection Authority(ies) in your jurisdiction. Information on Data Protection Authorities in Europe can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm.
For residents of the United States: If you live in the U.S. and you have a dispute regarding our handling of your personal data, you may contact the FTC for information. See http://www.ftc.gov/bcp/index.shtml. You may also contact the attorney general of the state where you live.
Special note for residents of California.
Under California Civil Code § 1798.83, we are required to disclose to consumers the following information upon written request: (1) the categories of personal information that we have disclosed to third parties within the prior year, if that information was subsequently used for marketing purposes; and (2) the names and addresses of all such third parties to whom such the personal information was disclosed. We hereby disclose that we have not disclosed any such personal information regarding any California resident during the one-year period prior to the effective date of this Privacy and Information Security Policy. California residents seeking additional information on this requirement or our privacy practices in general may write to us at email@example.com with the headline “PRIVACY REQUEST” in the message line. They may also send paper mail to AVAST Software s.r.o., Pikrotva 1737/1a, 140 00, Prague 4, Czech Republic. Please write "Attention: PRIVACY" in the address.
VIII. How to Request Changes to Your Personal Information
You may request information on the way your personally identifiable information is stored. In addition, you may also request changes to the information we have on file for you — this could be the case if you believe that some information we have about you is incorrect, or there is some information about you that has changed (for example, if you no longer use a former email address). To request information or changes regarding your personally identifiable information that we have on file, please email firstname.lastname@example.org with the headline “PRIVACY REQUEST” in the message line. You may also send paper mail to AVAST Software s.r.o., Pikrtova 1737/1a, 140 00, Prague 4, Czech Republic. Please write "Attention: PRIVACY" in the address.