Kaspersky Security Network Statement in Kaspersky Embedded Systems Security
Kaspersky Security Network Statement in Kaspersky Embedded Systems Security 2.0
Please read this document thoroughly. It provides important information that you should be acquainted with before continuing to use our services or software. We reserve the right to modify this Statement at any time by posting the changes on this page.
AO Kaspersky Lab (hereinafter Kaspersky Lab) has created this Statement in order to inform and disclose its data gathering and dissemination practices for Kaspersky Embedded Systems Security.
AO Kaspersky Lab (hereinafter Kaspersky Lab) has a strong commitment to providing superior service to all of our customers and particularly respecting your concerns about Data Processing.
This Statement contains numerous general and technical details describing the steps we take to respect your Data Processing concerns. Meeting your needs and expectations forms the foundation of everything we do - including protecting your Data.
The Kaspersky Security Network service allows users of Kaspersky Lab security products from around the world to help facilitate identification and reduce the time it takes to provide protection against new (“in the wild”) security risks targeting your computer which helps to identify new threats and their sources and to help improve a user’s security level. Such information contains no personally identifiable information about the user and is utilized by Kaspersky Lab for no other purposes but to enhance its security products and to further advance solutions against malicious threats and viruses.
Legal Issues (if applicable)
Kaspersky Security Network may be subject to the laws of several jurisdictions because its services may be used in different jurisdictions, including the United States of America. Kaspersky Lab shall disclose information without your permission when required by law, or in good-faith belief that such action is necessary to investigate or protect against harmful activities to Kaspersky Lab guests, visitors, associates, property or to others. As mentioned above, laws related to data and information processed by Kaspersky Security Network may vary by country.
Kaspersky Security Network shall duly inform the users concerned when initially processing the above-mentioned information of any sharing of such information and shall allow these Internet users to opt in (in the EC Member States and other countries requiring opt-in procedure) or opt-out (for all the other countries) on-line from the commercial use of this data and/or the transmission of this data to third parties.
Kaspersky Lab may be required by law enforcement or judicial authorities to provide some information to appropriate governmental authorities. If requested by law enforcement or judicial authorities, we shall provide this information upon receipt of the appropriate documentation. Kaspersky Lab may also provide information to law enforcement to protect its property and the health and safety of users as permitted by statute.
B. RECEIVED INFORMATION
In order to identify new and challenging data security threats and their sources, as well as threats of intrusion, and to take prompt measures to increase the protection of the data stored and processed by the User with a computer, the User agrees to automatically provide the following information:
- Information about all potentially malicious objects: the name and size of the detected object, the full path to the object on the computer and the template code of the file path, the object’s checksum (MD5), the file type code, the file format identifier, the executable file flag, the name of the detected threat according to Kaspersky Lab’s classification, the identifier, the identifier for the anti-virus databases and the identifier of the record in the anti-virus database the software used to make a decision, the flag of the reputation verification or file signature verification, the flag for the silent detection, the task identifier of the software that performed the scan;
- Information about vulnerabilities detected: the vulnerability identifier in the database of vulnerabilities and the vulnerability danger class;
- The version of the set of statistics being sent.
To improve the quality of the product, the User agrees to provide Kaspersky Lab with the following information:
- Information about errors that occurred during operation of the product component: the memory stack in the product’s process, the name of the detected threat according to Kaspersky Lab’s classification, the identifier, version, and type of the record in the anti-virus database the software used to make a decision, the flag for the silent detection.
When participating in KSN, the User agrees to provide the following information for all purposes mentioned above:
- The unique installation identifier of the software;
- The full version of the installed software;
- The type identifier of the installed software;
- Information about the versions of the operating system and installed updates: the word size, edition and parameters of the OS run mode;
- The unique identifier of the computer with the installed software.
Securing the Transmission and Storage of Data
Kaspersky Lab is committed to protecting the security of the information it processes. The information processed is stored on computer servers with limited and controlled access. Kaspersky Lab operates secure data networks protected by industry-standard firewall and password protection systems. Kaspersky Lab uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, and only authorized individuals have access to the data that we process. Kaspersky Lab takes steps to ensure that your information is treated securely and in accordance with this Statement. Unfortunately, no data transmission can be guaranteed secure. As a result, while we strive to protect your data, we cannot guarantee the security of any data you transmit to us or from our products or services, including without limitation Kaspersky Security Network, and you use all these services at your own risk.
We treat the data we process as confidential information; it is, accordingly, subject to our security procedures and corporate policies regarding protection and use of confidential information. All Kaspersky Lab employees are aware of our security policies. Your data is only accessible to those employees who need it in order to perform their jobs. Any stored data will not be associated with any personally identifiable information. Kaspersky Lab does not combine the data stored by Kaspersky Security Network with any data, contact lists, or subscription information that is processed by Kaspersky Lab for promotional or other purposes.
C. USE OF THE PROCESSED DATA
Kaspersky Lab processes the data in order to analyze and identify the source of potential security risks, and to improve the ability of Kaspersky Lab’s products to detect malicious behavior, fraudulent websites, crimeware, and other types of Internet security threats to provide the best possible level of protection to Kaspersky Lab customers in the future.
Disclosure of Information to Third Parties
Kaspersky Lab may disclose any of the information processed if asked to do so by a law enforcement official as required or permitted by law, in response to a subpoena or other legal process or if we believe in good faith that we are required to do so in order to comply with applicable law, regulation, subpoena, or other legal process or enforceable government request. Kaspersky Lab may also disclose information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating this Statement, the terms of your agreements with the Kaspersky Lab or to protect the safety of our users and the public or under confidentiality and licensing agreements with certain third parties which assist us in developing, operating and maintaining the Kaspersky Security Network. In order to promote awareness, detection and prevention of Internet security risks, Kaspersky Lab may share certain information with research organizations and other security software vendors. Kaspersky Lab may also make use of statistics derived from the information processed to track and publish reports on security risk trends.
D. DATA PROCESSING – RELATED INQUIRIES AND COMPLAINTS
Kaspersky Lab takes and addresses its users’ Data Processing concerns with utmost respect and attention. If you believe that there was an instance of non-compliance with this Statement with regard to your information or data, or you have other related inquiries or concerns, you may write or contact Kaspersky Lab by email: email@example.com.
In your message, please describe in as much detail as possible the nature of your inquiry. We will investigate your inquiry or complaint promptly.
CHOICES AVAILABLE TO YOU
In case of refusal to participate in KSN the above data is not transmitted. The data is processed and stored in a restricted and protected partition on the user’s computer. This data cannot be restored after uninstallation. If you agree to participate in KSN, the data is transferred to Kaspersky Lab for the above purposes.
Kaspersky Lab protects the information received in accordance with the law and Kaspersky Lab’s rules.
Kaspersky Lab uses the information received only in an anonymized form as part of aggregated statistics. These aggregated statistics are generated automatically from the original information received and do not contain personal information or any other confidential information. Initial information received is destroyed upon accumulation (once a year). General statistics are kept indefinitely.
Participation in Kaspersky Security Network is optional. You can activate and deactivate the Kaspersky Security Network service at any time by altering the Feedback settings on your Kaspersky Lab product’s option’s tab. Please note, however, if you choose to deactivate the Kaspersky Security Network service, we may not be able to provide you with some of the services dependent upon the processing of this data.
We also reserve the right to send infrequent alert messages to users to inform them of specific changes that may impact their ability to use our services that they have previously signed up for. We also reserve the right to contact you if compelled to do so as part of a legal proceeding or if there has been a violation of any applicable licensing, warranty or purchase agreements.
Kaspersky Lab is retaining these rights because in limited cases we feel that we may need the right to contact you as a matter of law or regarding matters that may be important to you. These rights do not allow us to contact you to market new or existing services if you have asked us not to do so, and issuance of these types of communications is rare.
© 2017 AO Kaspersky Lab. All Rights Reserved.
Kaspersky Security Network Statement in Kaspersky Embedded Systems Security 2.1
Kaspersky Security Network Statement (hereinafter “KSN Statement”) relates to the computer program Kaspersky Embedded Systems Security 2.1 (hereinafter “Software”).
KSN Statement along with the End User License Agreement for Software, in particular in the Section “Conditions regarding Data Processing” specifies the conditions, responsibilities and procedures relating to transmission and processing of the data, indicated in the KSN Statement. Carefully read the terms of the KSN Statement, as well as all documents referred to in the KSN Statement, before accepting it.
When the End User activates the using of the KSN, the End User is fully responsible for ensuring that the processing of personal data of Data Subjects is lawful, particularly, within the meaning of Article 6 (1) (a) to (1) (f) of Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) if Data Subject is in the European Union, or applicable laws on confidential information, personal data, data protection, or similar thereto.
Data Protection and Processing
Purpose of Using the KSN
Use of the KSN could lead to increase the effectiveness of protection provided by the Software, against information and network security threats.
The declared purpose is achieved by:
- determining the reputation of scanned objects;
- identifying information security threats that are new and challenging to detect, and their sources;
- taking prompt measures to increase the protection of the data stored and processed by the End User with the Computer;
- reducing the likelihood of false positives;
- increasing the efficiency of Software components;
- preventing information security incidents and investigating incidents that did occur;
- improving the performance of the Rightholder’s products;
- receiving reference information about the number of objects with known reputation.
During use of the KSN, the Rightholder will automatically receive and process the following data:
- data about the files to be scanned: checksums of the scanned files (MD5); name of the scanned file;
- data on debugging and recalled detectors: type of recall of a false trigger; reason for recalling the detector; type of the requested verdict; information about the antivirus databases on the basis of which the detector was recalled;
- identifier of the entry in the antivirus databases or its checksum; type of antivirus databases that the entry belongs to; version of the entry in the antivirus databases (date and timestamp of the release of the antivirus databases installed on the End User's Computer); type of threat detected and its name according to the Rightholder's classification;
- data about the state of the Computer's antivirus protection: versions and release timestamps of the antivirus databases in use; statistics about updates and connections with the Rightholder's services; identifiers of the jobs and Software components performing scanning and detection;
- data on scanned objects and detected objects: name of the detected object and the path to the object on the Computer; checksums of the processed files; date and timestamp of detection; names and sizes of the infected files and their paths; path template code; flag indicating whether the object is a compound; names of packers (if the file was packed); file type code; file format identifier; name of the detected threat according to the Rightholder's classification; identifier of the scan job during which the object was detected; identifier of the entry in the antivirus databases or its checksum; type of antivirus databases that the entry belongs to; version of the entry in the antivirus databases (date and timestamp of the release of the antivirus databases installed on the End User's Computer); detection identifier;
- service information about the Software's operation: flag for the potential maliciousness of the scanned object, version of the set of statistics being sent, information about the availability and validity of the statistical data;
- information about the Rightholder's Software: its full version, type, locale language and operation state, information about the installed Software updates;
- information about hardware installed on the Computer: type, unique identifier of the Computer with the installed Software;
- information about the version of the operating system (OS) installed on the Computer and the installed update packages, word size, edition and parameters of the OS run mode;
- data of the crash stack of the antivirus database modules: identifier of the Software module in which the error occurred, identifier of the job or update category during which the error occurred, error code, module name, source file name and string where the error occurred.
Providing the above information to the KSN is voluntary. After installing the Software, the End User can at any time enable or disable the use of the KSN in the Software settings as described in the User Manual.
© 2018 AO Kaspersky Lab. All Rights Reserved.