What is the GDPR?

The General Data Protection Regulation (GDPR) is the European Union (EU)'s privacy law that took effect on 25 May 2018 and governs the processing and protection of personal data. Laws like it or substantially similar to it are also being adopted by countries all over the world. The GDPR introduced new principles affecting the way companies treat the personal data of their clients and users.

What are some of the main concepts and rights I should be aware of?

The GDPR introduced several new principles to ensure we stay accountable to you, for example, privacy by design, which means we take privacy into account through the entire process of systems engineering. The GDPR also expands upon the rights you have as a data subject under data protection law, such as the right to access, erase, and change your personal data. It also expands upon these rights with the right to object to certain types of processing or the right of data portability.

What are my rights under the GDPR?

In connection with the processing of your personal data, you have the right to:

1. Access the data we hold about you.
2. Correct or complete inaccurate or false data.
3. Ask for the deletion of the data if it is no longer needed for the purposes for which it was collected or processed, or if it has been collected illegally.
4. Limit the data processing in special cases.
5. Transfer the data.
6. Object to the data processing, unless there are serious legitimate grounds for processing which outweigh your interests, rights, and freedoms, especially if the reason is an enforcement of legal claims.
7. Contact The Office for Personal Data Protection or seek judicial remedy.

How does the Avast Group comply with the GDPR?

Your privacy is very important to us and we commit to ensuring the continuing confidentiality and security of all data we collect and process. We also require that all parties which have access to our data adhere to strict security standards and common industry practices. This protects your privacy, whether you are an EU resident or not.

What changes has Avast made to comply with the GDPR?

Teams across our operations—legal, product design, marketing, project management and IT—continually seek to identify and deploy best-practice privacy solutions in order to ensure that the personal data of our users remains safe and secure.

Some examples include:

• Appointing a Data Protection Officer to monitor our compliance with the GDPR, provide advice where requested, and cooperate with the supervisory authorities. The Data Protection Officer can be contacted at: dpo@avast.com
• Coordinating with our business partners to ensure they comply with all applicable data protection laws, including the GDPR.
• Unifying the Avast Privacy Policy to include our companies like AVG, and Privax Ltd (HideMyAss!), and keeping our new style in line with the legal requirements of the GDPR by ensuring it is transparent and easy to understand.
• Training our employees whose jobs relate directly to handling user data to ensure that they thoroughly understand their new obligations and responsibilities, so that they can apply these new principles to their everyday work.

Where can I find the legal terms of my relationship with Avast and the Avast Group?

You can find the specific terms in our End User License Agreement (EULA) for each product and in the Avast Privacy Policy.

What personal data is stored and where does it come from?

When you purchase a product or service from the Avast Group, billing is handled by a third-party service provider acting as our agent, or by the Avast eStore. If you purchase a paid product or service, our third-party service, or the Avast eStore, providers collect your name, email address, credit card number, and in certain circumstances, your billing address and phone number (collectively "Billing Data"). Your Billing Data is retained for as long as is necessary to complete your subscription payment. This data is kept separate from the other data we collect when you activate and use our products and services.

When you activate and use our products and services, we collect data needed to deliver the product functionality or the service. This includes information about your device, the network used to access the internet, your applications and other software programs running on your device, and websites you visit. We collect this data to provide antivirus detection and prevention, help you manage system optimization, provide technical support, and to provide the functionality of the product you have downloaded. We also use this data to measure the performance of the products and services.

For more details, refer to the Avast Privacy Policy.

How long is my personal data stored?

We limit the collection and retention of your personal data to what is adequate, relevant, and necessary for our legitimate purposes ("data minimization"). Once these purposes have expired (plus any additional period that is permitted or required by law e.g., compliance with taxation laws), we either delete or de-identify your personal data from our systems. You can find more information in the Avast Privacy Policy.

Can I delete or limit my data from your system?

All users can contact our support team for deletion of personal data, subject to legal obligations of Avast.

All users can modify some of their data use settings by going to Settings in their Avast product or app. The data use options you see will vary depending on the product or app. If you do not see a particular option, this means Avast is not using your usage data from that product for that purpose.

Refer to the Avast Privacy Policy for a full list of data uses.

Why is it necessary to process user data?

We process your personal data because it is necessary for the functionality of the product or service; to handle billings and subscriptions; for security research; internal statistics; analyzing software performance and usage; analyzing business performance indicators; and marketing our products. We also need to use your personal data if you contact us for technical support because we need your email address to be able to respond to you.

Is my payment information stored?

When you purchase products or services from us, your billing data (e.g., name, email address, phone number, and credit card number) are collected by our third-party service provider, or by the Avast eStore. When you purchase a mobile product, your billing data is collected by the app store where you purchased the product, such as Google Play and iTunes app stores.

The handling and storage of your billing data is governed by the privacy policy or terms of service published by the service provider. Your invoice shows the name of the third party who is processing your order. To review data held by a third party you need to contact the third-party company directly.

Does Avast process data based on consent?

In general, no. We collect only data that is necessary to process your payment, for authentication of your account, or to provide product or service functionality. We reuse some of your data only when it is compatible with the original collection purpose, such as, for security research, system analytics, reporting on trends, in-product messaging, and cross-product development.

In situations where we need your freely given consent to process your personal data, we include details about the processing in the consent form. You have the right to withdraw your consent and we will stop the processing, however, withdrawing consent does not affect the previous processing conducted before the consent withdrawal. An example of when Avast may ask for your consent is when you have signed up for an Avast event or competition and we want to re-use your registration photo when marketing future events or competitions.

Does Avast share my data with third parties?

Generally, we do not share personal data with third parties. However, sometimes we need to use partners to help us with some of the data processing or provide us with a tool they developed in order to make our data processing more meaningful and effective. These are our contractual partners whom we bind by contract to keep your data safe and secure. As another rule, where possible, we minimize the range of data used for these purposes so that this data is - as long as it is technically and legally possible - not identifiable for any such partner we use.

Some examples of when we share personal data with third parties include:

• When you purchase products or services, your billing data (e.g., name, email address, phone number, and credit card number) is collected by our payment partner to process your purchase. Collection of this data is necessary to process the payment.
• When you contact technical support, your data (e.g., email address) is used by our support partner to provide you assistance with your problem.
• When you purchase products or services, your data (e.g., IP address) is processed by third party analytics tools to help us analyze and improve on the purchase process.
• When we have a software bug, a software crash, or a network failure, your data (e.g., IP address) is processed by third party analytics tools to help us understand the failure.

How can I change my Email or Privacy Preferences?

If you would like to change your email preferences, follow the instructions below.

• Change email preferences: Scroll to the bottom of an email received from Avast and click the Unsubscribe link.
• Change privacy preferences: Go to Settings in your Avast product and locate Privacy options.