Working with personal data of users
April 2, 2024
ID 167084
Kaspersky Security processes the following personal data of users to perform its basic functions:
- Active Directory accounts.
The application checks Active Directory accounts to implement the role-based user access control for the application features and services.
- E-mail messages.
The application scans email messages, including attached objects, to provide anti-virus protection, to filter attachments and contents of messages, and to provide Anti-Spam and Anti-Phishing protection according to the predefined settings.
Original messages that initiated an alert of one of the protection components are saved in the Security Server file system. This enables to restore deleted objects via Backup.
- E-mail metadata.
E-mail metadata (fields From, To, Subject) that initiated an alert of one of the protection components are saved in the application database. This enables to restore deleted objects via Backup.
E-mail metadata can be sent to Kaspersky Security Center as part of information on application events if your organization uses this software solution.
E-mail metadata is also saved in the application log, which is required to provide technical support.
- E-mail addresses excluded from scanning.
E-mail addresses excluded by the administrator from scanning are saved in Active Directory together with other protection settings.
- Mailbox names.
The application saves the names of mailboxes selected for background scan to ensure correctness of scanning.
- Application configuration changes.
Any configuration change information is saved in the application logs and in the Windows event log. Depending on introduced changes, such information can include e-mail addresses excluded from scanning and the names of mailboxes selected for background scan.
Similar information may be contained in the application configuration export file (
*.kseconfig). - Message texts.
Texts of processed email messages can be saved on the Security Server if the administrator has enabled detailed event logging for the application. This information can be used to provide technical support.
- Organization representative information.
Information on the contact person of the organization that signed the End User License Agreement is used to validate the license. Depending on the application configuration, such information is stored either in Active Directory or locally on the Security Server.
The table below presents the specifics of storing the listed data.
Specifics of storing personal data of users in Kaspersky Security
Component that uses personal data | Data storage location | Data storage period | Data security |
|---|---|---|---|
Configuration files | <Application setup folder>\Configuration | Indefinite. |
When working with the Kaspersky Security Management Console, data is secured through role-based restrictions of user access to functions and services of the application. The Kaspersky Security administrator must personally ensure the security of this data. |
Backup | <Application setup folder>\data\store\persistent | Indefinite, unless otherwise restricted by the Kaspersky Security administrator. | |
Statistics and metadata of Backup objects | SQL database specified during application installation. | Indefinite, unless otherwise restricted by the SQL server administrator. | |
Reports | %Temp% | Until the application is restarted. | |
Audit and event log | <Application setup folder>\logs | 365 days, unless a different value is set by the Kaspersky Security administrator. | |
Temporary files | %Temp% <Application setup folder>\data\temp | Until the application is restarted or until termination of the operation that is using temporary files. |
You can restrict handling of personal data of users by the application as follows:
- Change the storage term for application logs.
- Restrict the duration of object storage in Backup.
- Remove objects from Backup.
- Monitor the list of users added to the Anti-Spam lists of allowed and denied addresses.
- Monitor the list of users, the messages for whom are excluded from anti-virus scan.
- Monitor the list of users from/to whom messages are subject to the message attachment and content filtering rules.
- If you need to change the contact person of your organization, please contact the license provider.
