Kaspersky Internet Security for Mac

About data provision (European Union)

When distributed in the European Union, Kaspersky Internet Security meets the terms of the General Data Protection Regulation (GDPR).

During the Kaspersky Internet Security installation, you will be asked to read and accept the terms and conditions of the End User License Agreement and the Privacy Policy. When you accept the End User License Agreement, you confirm that you are of the required age to install Kaspersky Internet Security within the European Union.

You will also be asked to accept the KSN Statement and the Marketing Statement, which allow Kaspersky Lab to offer you additional benefits. If you choose to accept these statements, you can still revoke your acceptance in the application preferences at any time.

End User License Agreement

Kaspersky Lab has to verify that the license you will use is legal during activation and use of the application. To do so, Kaspersky Lab has to receive and process the following information about the application, the license, and the computer:

  • Type of the installed application.
  • Version of the installed application.
  • Localization of the installed application.
  • Versions of the installed updates.
  • Identifier of the computer.
  • Identifier of the application installation on the computer.
  • Activation code of the current license.
  • Unique identifier of activation of the current license.
  • Type of the operating system.
  • Version of the operating system.
  • Word size of the operating system.
  • Name of the virtual environment if the application is installed in the virtual environment.
  • Identifiers of the application components that are active at the time the information is provided.

The My Kaspersky portal helps you remotely manage your acquired licenses and the protection of your computer. This functionality requires that Kaspersky Lab receive from your computer and process information about the application, the acquired license, and information about the computer, specifically:

  • Activation code of the application, status and type of the activated license, information about license activation error, expiration date of effective license validity period, information about additional installed licenses.
  • Device type, information about the version of the operating system installed on the device and installed service packs, device type image.
  • Name of the computer on the network (domain names).
  • Regional parameters of the operating system (information about the time zone, default keyboard layout, language of the interface).
  • Information about installed applications of Kaspersky Lab, application operating mode and the status of the anti-virus computer protection: application version, unique ID of installation of the application on the computer, unique ID of the computer, ID of the My Kaspersky account.
  • Versions of used anti-virus databases and the time of their last update.
  • Status of the protection components, the list of detected and ignored security problems.
  • One-time password for registering the device on the My Kaspersky portal, the reason for disconnecting from the My Kaspersky portal.
  • Partner’s rebranding code.
  • Page identifier, country and region of the My Kaspersky portal.
  • Version of the used protocol.

The core functionality of the application as described in the application Help is to protect the user from known threats to information security. To provide this core functionality while you are using the application, Kaspersky Lab has to receive from your device and process information about the installed application, the acquired license, the scanned objects, detected threats and infections on the computer, information about the computer and devices connected thereto, the computer’s activity on the Internet, specifically:

  • Data to obtain the authorization session token.
  • Connecting application to the My Kaspersky portal.
  • Information about websites visited: the website's web address, the initial domain parts of web addresses, which the user entered in the browser address line or opened from search systems.
  • Taking or not taking part in the KSN.
  • Row with information about linking the activation code with the user: unique user identifier on the My Kaspersky portal, application activation code, license ownership type (owner/not owner), My Kaspersky Infra signature.
  • Country and region of the Kaspersky Lab website from which the trial version of the application was downloaded.
  • User's email, which is used to connect to the My Kaspersky portal.
  • Page on the My Kaspersky portal to which the link from the application directs.
  • Information indicating the element of the interface from which the user decided to purchase the application.
  • Information about licensing: application activation code, purchased activation codes, application activation date, activation error, expiration date and time of expiration of the active license during application installation, number of days that elapsed since application activation, number of days left before license expiration, number of days that elapsed since license expiration, total number of days of license activity, type of installed license, license activation date, license expiration date, license key serial number, license ID, current license status, current status of the subscription, validity period of the installed license, title of the license ticket, subscription type, general information about the licenses in the application; information about the activated license: the identifier and the validity period, information about the trial version of the application, number of the order for which the license was purchased, ID of the price list position for which the license was issued, identifier of the application for which the license is intended, reason for the current status/modification of the subscription, subscription expiration date.
  • Information about the partner: identifier of the partner who sold the license, country in which the partner who sold the license is located, number of the order for which the license was sold used by the partner, full name of the partner for whom the order for the license was issued.
  • Data about the license for identifying a group of users by additional properties of the subscription license.
  • Data about the license for identifying a group of users of the company that purchased the license by the information comment in the license properties.
  • Information about the application: version of the installed application, build number of the application without autopatches, code of the application localization alphabet according to ISO 15924, application version patch, application installation date, the language code of the application according to ISO 639-1, unique identifier of the application installation, type of installed application, country code according to ISO 3166-1 Alpha-2, application localization, application rebranding identifier, application ID, customization ID.
  • Information about user’s device: user device ID, hash of the identifier of the user's computer, date and time on the user's computer.
  • Information about the operating system: bitness of the operating system (for example, 32-bit or 64-bit), family of the operating system (for example, Windows or Mac), operating system version.
  • Status of the user’s acceptance of the terms of the agreement, type of agreement, version of the agreement.
  • Network name of the device, device platform, operating system type (for example, Windows, MacOS).
  • Identifier that is issued by the service upon successful registration of the application (service) and is used to authenticate and register services on this device thereafter.
  • Type of the token, device type, unique identifier of the device on the My Kaspersky portal. The activation service uses this parameter to get the following information: user account ID, ID of the device on which the application was installed, service identifier (it can contain several identifiers if several applications are installed on the device).
  • Service parameter indicating that the purchase will occur within the application window.
  • Information for registering the application on the My Kaspersky portal: user ID, device ID and application information.
  • Time of acceptance of the agreement.
  • Previous ID of the application on the My Kaspersky portal.
  • One-time password for automatic connection of the application downloaded from the My Kaspersky account.
  • Information about the reasons for disconnecting the application from the My Kaspersky portal.
  • Protocol over which the statistical data was received (for example, HTTPS or TCP).
  • Identifier of the information pattern that is used when granting the license.
  • Identifier of the service of the application that transferred the license activation request.
  • Identifier of launching of the application update.
  • Set of identifiers of the applications that can be activated on the user's computer.
  • Date and time of sending of statistics.
  • Identifier of the user’s action type.
  • URL, used for information request, protocol type, parent URL (from which the URL was received), port number.
  • Information about checked files: file certificate thumbprint, hash of the certificate public key, hashes of the checked objects or parts of the objects.
  • Information about website certificate: domain, IP address of the checked website, connection port, certificate hash, certificate type, certificate content.
  • Information about the detection: detection name, record ID, record revision, record type.
  • Information on the computer's connection to the wireless network: the name of the wireless network (SSID), the wireless network authentication type, the wireless network encoding type, the checksum (MD5 and SHA256) and name of the access point MAC-address; the unique identifiers compiled using a unique computer identifier, the unique computer installation identifier; the security level of the wireless network, the wireless network category, the attribute for the DNS name; the DHCP data of connection settings to the network: the checksum (SHA256) of the IP-address (IPv4 and IPv6) of the DNS-servers, the checksum (SHA256) of the local IP-address (IPv4 and IPv6), the checksum (SHA256) of the local IP-address (IPv4 and IPv6) of the gate, the checksum (SHA256) of the subnet mask and network prefix length, list of available networks.

Kaspersky Security Network Statement

The data processing by Kaspersky Lab under the KSN Statement could lead to an increase in the effectiveness of protection provided by the application against information and network security threats. This is achieved by:

  • Determining the reputation of scanned objects
  • Identifying information security threats that are new and challenging to detect, and their sources
  • Reducing the likelihood of false positives
  • Increasing the efficiency of application components
  • Preventing information security incidents and investigating incidents that did occur
  • Improving the performance of the Kaspersky Lab applications
  • Receiving reference information about the number of objects with known reputation
  • Improving the quality of Kaspersky Lab applications

The following data will be automatically sent on a regular basis to Kaspersky Lab under the KSN Statement:

  • Information about the operating system (OS) installed on the computer: versions of the operating system and installed updates, current and default OS language settings, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode, information about the last unsuccessful OS restart, the number of unsuccessful restarts.
  • Information about the Kaspersky Lab installed applications and the anti-virus protection status: the full version of the application, the unique application identifiers on the computer, the type identifier of the installed application, information about updates.
  • Information about updates of the installed application and anti-virus databases: the type of the update task, the completion status of the update task, the type of an error that may occur during an update, the number of unsuccessful updates, the identifier of the application component that performs updates.
  • Information about all detected objects (including silent detections) and actions: the name of the detected object, the date and time of the scan, the URL and referrer from which it was downloaded, the names and size of detected files and the paths to them, the date and time of file creation, the file's entropy, the file's type, the file type code, identifier and format, the URL from which the object is downloaded, the object's checksum (MD5), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate), number of starts of the object since the last statistics sending, the ID of the application scanning task.

    For executable files: sign of sending service information, reputation verification flag or file signature flag, name, type, ID, type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, a sign of the Autorun list, date of entry, the list of attributes, name of the packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format. If the file was packed: the name of the packer, size of the packer, size of the archived object.

  • If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on Kaspersky Lab classification, the checksum (MD5, SHA2-256, SHA1) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the identifier of the type of traffic on which the threat was detected, the vulnerability identifier and its threat level, the URL of the web page where the vulnerability was detected, the intermediate results of object analysis, and the flag for the silent detection of the object.
  • Information about scanned objects: file type, file checksums (MD5, SHA256).
  • Information about the running applications and their modules: checksums (MD5, SHA256) of running files, size, attributes, creation date, and PE-file header information, names of packers (if the file was packed), code of the account under which the process has been started, command line parameters used to start the process, names of files and their modules, the checksums of the files (SHA256), running of the executable file, the identifier conditions for the formation of statistics based on the information provided, an identifier of the existence and validity of the data provided in the statistics.
  • Information about the application and command that started the process running on the system: process ID (PID), process name, information about the account the process was started from, the full path to the process’s files, and the starting command line, an indication whether the process’s file has autorun status, a description of the application that the process belongs to (the name of the application and information about the publisher), as well as digital certificates being used and information needed to verify their authenticity or information about the absence of a file’s digital signature; information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), IP-addresses (IPv4 or IPv6) of visited websites, the domain name, the method for determining the domain name, the sign indicating the domain name has entered the list, the name of the file of the process that opened the website, the size and checksums (MD5, SHA2-256) of the process’s file, the path to the process’s file and the template code of the file path, the result of the file’s certificate validation, the User Agent string, the storage duration of this information prior to being sent to KSN, the result of the file’s validation by KSN.
  • Information about network attacks: the IP address of the attacking computer and the user's computer's port number at which the network attack is directed, the identifier of the protocol used to carry out the attack, and the name and type of attack.
  • The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier and weight of the rule used to reach scanning results, the objective of the attack.
  • Information about changes made by the user in the list of websites protected by the Safe Money component: the URL of the website, a flag indicating a website has been added, modified, or deleted, the mode in which Safe Money runs for the website.
  • Version of the local KSN database on the computer at the time the statistics are sent, the application's database settings identifier, information about successful/unsuccessful requests to KSN, the duration of sessions with KSN, the amount of data sent and received, the times at which the collection of information to be sent to KSN was started and stopped.
  • Information about the website tracking blocking component: the referrer from the HTTP tracking request, the name of the service or organization which provides tracking services, the category of the tracking service in accordance with the Kaspersky Lab categorization, ID and the version of the browser which opened the URL.
  • If a potentially malicious object is detected, information is provided about data in the processes’ memory, data in EFI memory.
  • Information about events in the system logs: the event’s timestamp, the name of the log in which the event was found, type and category of the event, name of the event’s source and the event’s description.
  • Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which the process that opened the port was started, the path to the process’s file and its digital signature, local and remote IP-addresses, numbers of local and remote connection ports, connection state, timestamp of the port’s opening.
  • Information about the software installed on the computer: the name of the software and the name of its publisher; information about software components files: checksums (MD5, SHA2-256, SHA1), name of a file, its path on the computer, size, version and digital signature.
  • Information about hardware installed on the computer: type, name, model name, firmware version, parameters of built-in and connected devices.
  • Information about the wireless network connection being used by the computer: the name of the wireless network, the checksum (MD5 and SHA256) of the MAC-address of the access point, information about the wireless network’s security and signal quality, flag indicating whether the computer is running on battery power or a stationary power supply, DNS flag, the type of the computer, information about wireless network type and security; the unique identifiers, made using a unique identifier of the computer, unique identifier of the software installation; information about the available wireless networks; flag for use of the VPN connection, the category of the wireless network specified in the software, DHCP settings, the checksum (SHA256) of the IP-address (IPv4 and IPv6) of the computer, the domain name and the checksum (SHA256) of the path from the URL-address of the captive portal; WPS settings of the access points: the checksums of the name and serial number of the wireless device, the number and name of the wireless device model, the name of its manufacturer; local time at the start and end of the wireless connection session, the list of available wireless access points and their parameters; hash (MachineID+PCID+BSSID), hash (MachineID+PCID+SSID), hash (MachineID+PCID+SSID+BSSID).

The Kaspersky Security Network service may process and submit whole files (for example, objects detected through malicious links which might be used by criminals to harm your computer) and/or their parts, to Kaspersky Lab for additional examination.

Also, in order to achieve the declared purpose of increasing the effectiveness of protection provided by the application, Kaspersky Lab may receive objects that could be exploited by intruders to harm the computer and create information security threats:

  • Executable or non-executable files or parts thereof
  • Computer's RAM areas
  • Sectors involved in the OS boot process
  • Network traffic data packets
  • Web pages and emails containing suspicious or malicious objects
  • Description of classes and class instances for the WMI storage
  • Application activity reports

Application activity reports contain the following information about the files and processes:

  • Name, size, and version of the file being sent, its description and checksums (MD5, SHA2-256, SHA1), format ID, its manufacturer's name, the name of the application the file belongs to, the fully qualified path to the file on the computer and the path template code, date and time of file creation and update.
  • Certificate validity start and end dates and times if the file being sent has a digital signature, date and time when the certificate was signed, name of the certificate issuer, information about the certificate holder, impression and public key of the certificate and algorithms used to calculate them, certificate serial number.
  • Name of the account that had run the process.
  • Checksums (MD5, SHA2-256, SHA1) for the name of the computer that is running the process.
  • Headers of the process’s windows.
  • ID for the anti-virus databases, name of the identified threat according to the Kaspersky Lab classification.
  • Information about the license used for the application, license ID, its type and expiry date.
  • Computer's local time at the moment the information was provided.
  • Names and paths of the files that were accessed by the process.
  • URL- and IP-addresses that were accessed by the process.
  • URL- and IP-addresses from which the running file was downloaded.

Statement regarding data processing for marketing purposes (Marketing Statement)

Kaspersky Lab processes data for marketing purposes in accordance with the Marketing Statement in order:

  • To improve the quality, appearance, and performance of the Kaspersky Lab applications, products, services, and infrastructure by analyzing users' experience, interactions, and level of satisfaction with applications.
  • To offer you security solutions that best match your needs.
  • To provide you with the relevant content and advertisement.
  • To create categories of groups of users based on certain parameters in order to provide relevant information to these groups about maintaining security level, marketing offers, and promotional materials.

The following data will be automatically sent on a regular basis to Kaspersky Lab under the Marketing Statement:

  • Information about the application: full version and ID of the full version of the application, type and type ID of the application, ID of the seller of the license key, hotfix of the application, localization ID of the application, flag indicating whether the user participates in Kaspersky Security Network, ID of the application, ID of the build, ID of the license agreement, version of the license agreement, flag indicating whether the license agreement was accepted, time of the change of the license agreement acceptance status, installation date, rebranding code, installation type, installation error, customization ID.
  • Information about user’s device: user device ID, hash of the identifier of the user's computer, date and time on the user's computer.
  • Information about the license: license type, license, license term, number of days before license expiration, license ticket sequence ID, license status, license ID, activation date.
  • Information about the operating system: type of the OS, full version of the OS, version of the OS Service Pack, edition of the OS, product type of the OS, architecture (bit version) of the OS, installed updates, current and default OS language settings, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode, the last unsuccessful OS restart, the number of unsuccessful restarts.
  • Information about the use of the application's user interface: information about the opening of the interface's windows (identifiers and names of windows and used control elements) and switching between windows, information that determines the reason for opening a window, the date and time the interface was started and the stages of interface's startup, the time and type of the user's interaction with the interface, information about changes to settings and application parameters (the name of the setting or parameter, and the old and new values), the ID of the application in interactive mode.

Statement regarding data processing for Parental Control (Statement)

With the help of the Parental Control component, you can limit time spent on the Internet, restrict access to websites of certain categories, and restrict social network correspondences and messaging. Kaspersky Lab receives and processes data to ensure the operation of the Parental Control component in accordance with the Statement.

The following data will be automatically sent on a regular basis to Kaspersky Lab under the Statement:

  • URL, used for information request
  • Protocol type
  • Parent URL (from which the URL was received)
  • Port number

Information provision

You agree to submit the following information for the purpose of application identification during database and module updates:

  • Application ID (AppID).
  • Active license ID.
  • Unique application installation ID (InstallationID).
  • Unique Update task launch ID (SessionID).
  • Version of application (BuildInfo).
  • Information about updating the Updater component: unsuccessful update tasks, the number of failed starts after the upgrade, the version of the component, the error code, the ID of the type of update task, the status code of the software after the update, the date and time the statistics are sent.

To check the legitimacy of the application use, Kaspersky Lab reserves the right to verify that you have a licensed copy of the application.

The application can transmit the following license information needed to verify the legitimacy of the application use to Kaspersky Lab:

  • Identifier of regional activation center.
  • Hashsum of activation code.
  • Time and date of ticket creation.
  • License information identifier.
  • License ticket identifier.
  • License ticket sequence identifier.
  • Unique identifier of user's computer HDD.
  • Date from which the license ticket is valid.
  • The current state of license.
  • License version.
  • Ticket header ID.
  • Application ID of the currently used application.
  • List of application IDs of applications that are compatible with the currently used application.
  • Localization ID.
  • Application version.
  • Installation ID.
  • Application build ID.

Kaspersky Lab protects any information thus received in accordance with law and applicable Kaspersky Lab rules.

Kaspersky Lab uses any received information in anonymized form and as general statistics only. Aggregate statistics are automatically generated from the source information received, and do not contain any personal or other confidential data. The original information received is destroyed as new information is accumulated (once a year). Aggregate statistics are stored indefinitely.