DATA CONTROLLER INFORMATION
AO Kaspersky Lab, located at address: 39A/3 Leningradskoe Shosse, Moscow 125212, Russian Federation (“Kaspersky”, “Kaspersky Lab”, “KL” or “we”).
If you have any questions about Kaspersky Lab's privacy practices or if you would like us to update information or preferences you provided to us, please contact us directly or our Kaspersky EU representative via e-mail or phone: Kaspersky Labs GmbH, Ingolstadt, Germany, firstname.lastname@example.org, +49 (0) 841 98 18 90.
The data protection officer can be reached by post or email at: Kaspersky Labs GmbH, Ingolstadt, Despag-Strasse 3, 85055, Germany, email@example.com.
WHAT IS YOUR PERSONAL DATA
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
WHY WE PROCESS YOUR PERSONAL DATA
We use your personal data for the following purposes:
- Provide you with support service.
- Improve our service quality and/or to better understand requests by comparison with previous chats.
THE CATEGORIES OF PERSONAL DATA
We process the following categories of your data:
- Email address
- Static IP address
- Time and date of customer service contact through a call, chat, email, ticket
- Content data of call, chat, email, ticket
- You phone number (only in case of support by phone)
- Recordings of customer calls
- Uploaded files
- Names of devices that are attached to My Kaspersky
- Activation code, license number of Kaspersky products
- Bank account number, if it is necessary to refund a purchase via bank transfer
- Billing address
- First 6 and last 4 digits of your credit card
- Order-related information from Kaspersky e-stores
- Country and geolocation
- Social media usernames on Twitter/Facebook/Google Play Store/Apple App Store/Huawei store (in case of requests through these social platforms)
We obtain your personal data from you directly.
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
Our lawful basis for processing your personal data:
- Processing is necessary for the performance of a contract between Kaspersky and the data subject (Art. 6 (1) (b) GDPR).
- Processing is necessary for the performance of support services (Legitimate interests, Art. 6 (1) (f) GDPR).
SHARING YOUR PERSONAL DATA
We may disclose your personal data:
- Within the Group of Companies Kaspersky Lab with strict access policy rights.
- To External Providers of Support Services.
Your personal data will be treated as strictly confidential and will only be shared with Service Providers that provide us with IT and system administration services.
In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
TRANSFER OF DATA ABROAD
The personal data provided by users to Kaspersky Lab can be processed in the following countries, including countries outside European Union (EU) or the European Economic Area (EEA) which have not been deemed to have an adequate level of data protection by the European Commission: EEA: Germany, Netherlands, France, Greece; non-EEA: Switzerland, Brazil, Russia, USA.
Kaspersky Lab has taken appropriate security measures to protect your personal data in accordance with security and privacy best practices (more information at https://www.kaspersky.com/global-privacy-policy), including utilizing the European Commission’s Standard Contractual Clauses for transfers of personal information between its group companies (You can find these standard contract clauses under the following link), which requires all group companies to protect personal information being processed from the EEA to an equivalent standard to that required under EU data protection law.
Where we share your personal data with a third party service provider outside of the European Economic Area and Switzerland (as detailed in the section entitled “Sharing your information”), we contractually oblige the third party service provider to implement adequate safeguards to protect your information.
HOW LONG DO WE KEEP YOUR PERSONAL DATA
We keep your personal data for no longer than reasonably necessary to achieve the purposes they are processed for.
AUTOMATED DECISION MAKING
Our technical support does not use automated decision making.
YOUR RIGHTS AND YOUR PERSONAL DATA
We inform you that you have certain rights regarding the personal data we maintain about you:
- Right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights.
- Right of access. You have the right to request information about how we use your personal data. In addition, you can request to receive a copy of the Personal Data we process about you and to check that we are lawfully processing it.
- Right to rectification. You can request correction of the personal data that we process about you.
- Right to erasure (Right to be forgotten). This enables you to ask us to delete or remove personal data where there is no good reason, such as statutory retention periods, for us continuing to process it.
- Right of restriction of processing. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Right to data portability. Insofar as the processing of your personal data is based on your consent or on a contract (Articles 6 (1) (a) and (b) GDPR), you may request to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to have the personal data transmitted to another controller.
- Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (f) of the GDPR (data processing for the purposes of the legitimate interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- Right to withdraw data protection consent. If you have given us your consent to the processing of your personal data, you may withdraw the consent at any time with effect for the future. This does not affect the lawfulness of the processing of your personal data before the withdrawal of the consent.
- Right to complain. You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices.
HOW TO EXERCISE YOUR RIGHTS
Principally, you will not have to pay a fee to access your personal data (or to exercise any of the other rights).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you would like to make a complaint regarding this Privacy Statement or our practices in relation to your personal data, please contact us.
If you consider that the processing of personal data relating to you infringes applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority at any time. Which supervisory authority has competence for your complaint can depend on the country where you reside.