Privacy PolicyWe are joined with the world’s most trusted antivirus software company. To enhance the functioning of your devices and improve your experience online, NicklasProd Studio OÜ products and services have to collect your data to provide you with the best tools.We do not take your trust for granted. As a multinational company with its headquarters in Estonia, we conform our data use to the European Union’s (EU) General Data ProtectionRegulation (GDPR), which takes effect from 25 May 2018. Therefore, in our Privacy Policy,we explain what we do, how we do it, your choices, and how we may need your cooperation to help you stay safe.
1.1 Our Privacy Policy explains the processing of your personal data by us and establishes what information we collect, or which is provided to us, and how we use and protect your personal data in compliance with applicable law.
1.2 Personal data refers to any information relating to an identified or identifiable natural person (“data subject”), where this identification can be made directly or indirectly, by means of identifiers such as your name, identification number, email address, phone number, online identifiers such as cookies in some circumstances, your location, your genetic, economic,cultural or social identity or other information that is specific to you.
1.3 We do not mean information that only refers to a business corporation or organization.We also do not mean information that has been "anonymized" either by removing order-identifying all specific identifiers. Anonymous data is not personal data when the anonymization is irreversible. When we refer to anonymous data, we mean data that cannot be reversed into personal data.
1.4 As a data controller, we commit ourselves to protecting the privacy of our website visitor sand users of our products and services with respect to the processing of your personal data.
Where we collect and process your personal data, we will limit the collection and retention to what is adequate, relevant and necessary for our purposes and it will be kept in a form which allows for your identification no longer than necessary for the purpose for which we process your personal data. We refer to this as data minimisation.
1.6 Where we store your personal data for longer periods for statistical purposes, as permitted, we will use appropriate safeguards. Applicable law defines ‘statistical purpose’ as any collection of personal data, where the result of processing is for aggregate data, so the personal data we collect from you is anonymized or pseudonymized. For example, the processing of your personal data may be for the business-related process of counting users,products, sales and various metrics. We also share statistical data that has been anonymized and aggregated geographically and so, cannot be used to identify individuals,with third parties for trend analytics.
1.7 Our policy provides you with the legal bases for the collection of your personal data, lets you know how long personal data is stored and the reasons why, and how in some circumstances, they are necessary to retain. The length of this retention and how you may choose to request that we delete some or all your personal data and the consequences of the deletion are explained in this policy.
1.8 Some of the legal bases we rely on are contractual and service necessity, consent,legitimate interests and compliance with legal obligations
1.9 We want you to have the necessary and relevant understanding of how and why we process your personal data so that you can make fully informed decisions on whether to allow us to retain your personal data or delete them. Section 2 explains your rights under applicable law and section 3 lets you know when the Privacy Policy applies.
1.10 We strive to keep the policy easy to understand and transparent, and so we refrain from technical information overload. If you wish to have further details on how we process your personal data, please contact us.
1.11 Some of the web search services provided herein are provided by CodeFuel and powered by CodeFuel’s search partners. For information on the web search services data collection, please visit http://www.codefuel.com/legal/end_user_privacy_policy, and the search provider's privacy policy, as applicable, both as updated from time to time and at any successor locations.
2.1 We try to ensure that the users of our products and services always have an open line of communication with us. You can contact us at any time if you have any questions, queries or requests about your personal data and, if European law applies to the processing of your data, about your right to request access to, modify, remove or export your data, or object to our processing of your data. You have the right to complain to supervisory authorities in yourMember State should you feel your privacy has been breached, however we would appreciate it if you reach out to us first before you approach any supervisory authorities or courts. You may submit requests to us at [email protected] we will action your request within one month of receiving a request from you concerning any one of your rights as a data subject. Should we be inundated with requests or particularly complicated requests, the time limit may be extended to a maximum of another two months. If we fail to meet these deadlines, we would, of course, prefer that you contact us to settle the matter informally.
2.2 We process your personal data where it is lawful and fair for us to do so. The legal bases we rely for processing your personal data are contractual necessity, consent, legitimate interests and compliance with legal obligations.
2.3 There could be instances where you are using our products or services, but we do not have your personal data, even though you have purchased our products or services. These include situations where you purchase our products from our service provider, a reseller, oran app store. Because your relationship in these cases is with that service provider, reseller or an app store, we do not actually have your personal data and will not be able to perform your request to access or delete your information. In such circumstances, please contact your service provider, reseller, or app store where you purchased the products or services,as this person is the primary controller of your personal data.
You should know that our Privacy Policy applies to the following situations and activities:
3.1 Online activities
Any personal data collected from you when you visit our websites or use our products or services
3.2 Phone contacts
Any personal data collected from you when you call us for sales, service, or customer support.
3.3 Offline contacts
Any personal data collected from you at a "live" or in-person event such as a trade show or promotion.
3.4 Reseller information
Any personal data, including contact information such as telephone number and email address, collected
from our
resellers or sub-resellers.
3.5 Other circumstances
Any personal data collected from you when you contact us by email or by clicking the "report a virus"
link on
our
website or by requesting online service or support, or opening a support ticket, or through our media
contact or
news subscription services, or other occasions.
4.1 Third Party Sites
5.1 Disclosure to third parties
We are required to disclose your personal data to unrelated third parties in limited circumstances:
5.2 We are also required in a few limited situations to share our users' personal information with third parties. For example, if you request a specific service or product from us, and if that product or service is administered by a third party working for us, we may share your personal information with the third party to respond to your request. This third party may also transmit back to us any new information obtained from you in connection with providing the service or product.
5.3 When you contact us or a third-party service provider working on our behalf, our service provider may suggest upgrades to our products or services. Our service provider may also suggest products or service that the service provider offers which are not our products or services. In this case, you will be clearly advised that the product or service is offered by the third party, and you will be subject to the terms and conditions, end user license agreement(EULA), and privacy policy of the third-party service provider.
5.4 We offer third party browsers to new users of certain products, such as our antivirus products. Whether you install the third party browser is in your discretion.
5.5 For certain mobile products, we offer third party ads. While we do not share your personal data with the ad network, data from your device including its IP Address, is used by the ad network to enable the delivery of the ads. If you do not want to view third party ads,you have the choice to change to a paid version of the product. If you are served a third party ad and you click on the ad, your data will be governed by the relevant third party whose ad you clicked on.
5.6 We reserve the right to store and use the information collected by our software. We may publish or share that information with third parties, but we will only ever do so after anonymizing the data.
6.1 We are a global business that provides its products and services all around the world. In order to
reach all
of our users and provide all of them with our software, we operate on an infrastructure that spans the
globe.
The
servers that are part of this infrastructure may therefore be located in a country different than the
one where
you live. In some instances,these may be countries outside of the European Economic Area (“EEA”), where
the
level of protection provided by the laws of these countries may be different than the high standard
enshrined in
the GDPR. Regardless, we provides the same GDPR-level of protection to all personal data it
processes.
At the same time, when we transfer personal data outside of the EEA, we always make sure to put in place
appropriate and suitable safeguards, such as standardized contracts approved by the European Commission,
which
legally bind the receiving party to adhere to a high level of protection, and to ensure that your data
remains
safe and secure at all time sand that your rights are protected.
Situations where we transfer personal data outside of the EEA include provision of our products and
services,
processing of transactions and your payment details, and
the provision of support services.
7.1 Our data collection and management practices do not vary by location. We follow the same “data minimisation” procedure with respect to all personal data in our possession,regardless of the jurisdiction from which it was collected, and regardless of whether the data is transferred from one member of our company to another.
7.2 We reserve the right to store and use the information collected by our software and to share such information among our companies to improve our current and future products and services, to help us develop new products and services, and to better understand the behavior of our users.
8.1 Storage of Information
We store information that we collect on our servers or on the servers of our
subsidiaries,affiliates, contractors, representatives, contractors, agents, or resellers who are working
on our
behalf.The data on our servers can only be accessed from our physical premises, or via an encrypted
virtual
private network (“VPN”). Access is limited to authorized personnel only,and company networks are
password
protected, and subject to additional policies and procedures for security.
8.2 Access by our contractors
We or our contractors, subsidiaries, affiliates, representatives, agents, or resellers who are working
on our
behalf undertake regular maintenance of your personal data. All third parties must agree to observe the
privacy
of our users, and to protect the confidentiality of their personal information. This means your personal
data
cannot be shared with others, and there must be no direct marketing by the third parties.
8.3 Retention and Deletion of Your Personal Data
We retain and delete the various types of personal data we collect in compliance with the legal
requirement that
personal data be kept in a form that permits identification of our data subjects for no longer than is
necessary
for the purposes for which the personal data is being processed.
We will not keep your personal data in a form that allows you to be identified for longer than
reasonably
necessary with regards to the purpose for which the information was collected.We will also anonymize and
aggregate data to the extent possible
In general, we strive to delete or obfuscate Internet Protocol (IP) addresses within 60 days when the
purpose
for
which they were collected has been fulfilled. We may retain online identifiers, location data and other
personal
data for statistical purposes as permitted under applicable law.
We may also amend the personal data we keep in such a way that you cannot be identified,for example, by
hashing.
We may retain a “key” to the hashing, but we will securely store it separately from the hashed data.
We will only keep your personal data for additional periods following the expiration of the purpose for
which we
collected it when permitted as compatible for our legitimate interests or required by law, for example
tax,
contract, secrecy or criminal laws. Otherwise, your personal data will be automatically deleted from our
system
once the legal basis for the collection and processing has been fulfilled.
If you are an active paid user, we need to retain your personal data for mailing or billing purposes. If
you
subscribe to a recurring newsletter, we will keep your information to continue to fulfil your
subscription
request. In the case of Avast Forum, Support Portal, orAvast news and blogs, your account data is kept
active
until you delete it.
If you participate in a giveaway or promotion that we offer, we will retain your data long enough to
administer
the promotion, plus any additional time that is permitted or required bylaw.
For the purpose of licensing products that are registered on a periodic basis, we will keep your
personal data
on
the legal basis of contractual necessity for as long as you are actively using the product and
thereafter for
legal compliance. Thereafter, your personal data will be deleted.
For our paid and trial customers of products and services for your personal computer, and some free users with our companies account , you will be able to log in to our GDPR portal with your email address, which will be verified, to request deletion of your personal data.
For other users of our free products and services, you may request us to delete your personal data by submitting a request ticket here. However, please note, if you have not registered your email with our company before requesting deletion of personal data, we will not respond to you. We will not keep your email address if we do not have an email match in our system of registered users.
In some circumstances and to the extent permitted by law, for example, to provision the service or contract, for compatible use for our legitimate interests, under national tax,contract, criminal, or secrecy laws, we may retain your personal data despite your requests for erasure.
10.1 Depending on what you request and how many requests we receive, it is possible for your requests to be actioned from within a day to three months. For example, paid, trial and registered customers may log-in to the GDPR portal to request a change of address and we will give effect to this typically within a couple days.
10.2 If you request the erasure of your data (“right to be forgotten”), we will generally action this within 30 days, which may only include a record in our system that once the legal basis for processing your personal data has been fulfilled, your personal data needs to be promptly deleted.
11.1 Safeguards for protection of personal information We maintain administrative, technical,and physical safeguards for the protection of your personal data.
11.2 Administrative safeguards
Access to the personal data of our users is limited to authorized
personnel who
have a legitimate need to know based on their job descriptions, for example, employees who provide
technical
support to end users, or who service user accounts. In the case of third-party contractors who process
personal
information on our behalf, similar requirements are imposed. These third parties are contractually bound
by
confidentiality clauses, even when they leave. Where an individual employee no longer requires access,
that
individual's credentials are revoked.
11.3 Technical safeguards
We store your personal information in our database using the protections described above.In addition, we
utilize
up-to-date firewall protection for an additional layer of security. We use high-quality antivirus and
anti-malware software, and regularly update our virus definitions.Third parties who we hire to provide
services
and who have access to our users' data are required to implement privacy and security practices that we
deem
adequate.
11.4 Physical safeguards
Access to user information in our database by Internet is not permitted except using an encrypted
virtual
private
network (VPN). Otherwise, access is limited to our physical premises. Physical removal of personal data
from our
location is forbidden. Third-party contractors who process personal data on our behalf agree to provide
reasonable physical safeguards.
11.5 Proportionality
We strive to collect no more personal data from you than is required by the purpose for which we collect
it.
This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the
less data
we collect, the smaller the overall risk.
11.6 Notification in the event of breach.
In the unlikely event of a breach in the security of personal data, we will notify all users who are
actually or
potentially affected.
We may tailor the method of notice depending on the circumstances. Where the only contact information that we have for you is an email address, then the notification will necessarily be by email. We may also elect to give you notice via our in-product messaging system. Where we believe there are affected users for which we have no contact information on file, we may give notice via publication on our company website.
We reserve the right to delay notification if we are asked to do so by law enforcement or other authorities, or if we believe that giving notice immediately will increase the risk of harm to our user body overall.
We collect and process personal data on the territory of the Russian Federation in strict compliance with
the
applicable laws of the Russian Federation.
We collect and process personal data (including sharing it with third parties) only upon the consent of
the
respective individuals, unless otherwise is provided for by the laws of theRussian Federation. You will
be asked
to grant your consent by ticking the respective box /or clicking “I accept” button or through similar
mechanism
prior to having access to the site,and/or when submitting or sharing the personal data we may request.
We
collect and use your personal data only in the context of the purposes indicated in the consent to
processing of
personal data.
We (directly or through third party contractors specifically authorized by us) collect,
record,systematize,
accumulate, store, actualize (update and amend), extract personal data of theRussian Federation citizens
with
the use of databases located on the territory of the RussianFederation, except as otherwise permitted by
Russian
data protection legislation. We may process personal data of Russian citizens using databases located
outside of
the Russian Federation subject to compliance with Russian data protection legislation.
We undertake all the actions necessary to ensure security of your personal data. You are legally
entitled to
receive information related to processing your personal data. To exercise this right, you have to submit
a
request by e-mail at: [email protected] with the headline
"PRIVACY
REQUEST" in the message line.
You have the right to revoke the consent at any time by sending us an e-mail at:[email protected] with the headline “PRIVACY REQUEST” in the
message
line. Once we receive the revocation notice from you we will stop processing and destroy your personal
data,
except as necessary to provision the contract or service to you. However, please note once you have
revoked your
consent, we may not be able to provide to you the products and services you request, and may not be able
to
ensure proper work of our products.
We do not transfer your personal data to the countries that under Russian law are not deemed to provide
adequate
protection to the individuals’ rights in the area of data privacy.We do not offer, sell or otherwise
make
available our products or services that have access to, collect and process (or allow us to do the same)
personal
data of third parties in the Russian Federation without the consent of such third parties.
If any provisions of this Policy contradict the provisions of this section, the provisions of this
section shall
prevail.
Under California Civil Code § 1798.83, we are required to disclose to consumers the following information upon written request: (1) the categories of personal information that we have disclosed to third parties within the prior year, if that information was subsequently used for marketing purposes; and (2) the names and addresses of all such third parties to whom such the personal information was disclosed. We hereby disclose that we have not disclosed any such personal information regarding any California resident during the one-year period prior to the effective date of this Privacy Policy. California residents seeking additional information on this requirement or our privacy practices in general may write to us at [email protected] with the headline “PRIVACY REQUEST” in the message line. They may also send paper mail to Õismäe tee 90-46, 13513, Tallinn, Estonia, 1. Please write "Attention: PRIVACY" in the address.
13.1 Updates to our Privacy Policy will occur from time to time and we will publish these changes on our website.
13.2 We suggest that you check our Privacy Policy every so often to keep yourself informed.
13.3 Where the changes are major, we will notify you by email if you have our account or through posts on our website.
14.1 We are registered as NicklasProd Studio OÜ
and our registered address is
Õismäe tee 90-46, 13513, Tallinn, Estonia, 1.
14.2 Dispute resolutionWe make every effort to conduct our business in a fair and responsible manner. In the unlikely event of a disagreement or complaint about the way that your personal data is handled, please contact us.
14.3 Contact Details
You can always reach us by email at
[email protected]
Please type
“PRIVACY REQUEST” inthe message line of your email so we can have the appropriate member of the our
team respond.
If you prefer, you can send paper mail to
NicklasProd Studio OÜ
Õismäe tee 90-46, 13513, Tallinn, Estonia, 1 Reg no 6249919 EE102381135
CEO Nikita Gustsin
Be sure to write "Attention: PRIVACY" in the address so we know where to direct your correspondence.
15.1 As required under the GDPR, we have a data protection officer (DPO) to monitor our compliance with the GDPR, provide advice where requested and cooperate with supervisory authorities. You can contact our data protection officer via [email protected].