The General Data Protection Regulation (GDPR) is the European Union (EU)’s privacy law that took effect on 25 May 2018 and governs the processing and protection of personal data. Laws like it or substantially similar to it are also being adopted by countries all over the world. The GDPR introduces new principles affecting the way companies treat the personal data of their clients and users.

The GDPR introduces several new principles to ensure we stay accountable to you, for example, privacy by design, which means we take privacy into account through the entire process of systems engineering. The GDPR also expands upon the rights you have as a data subject under data protection law, such as the right to access, erase, and change your personal data. It also expands upon these rights with the right to object to certain types of processing or the right of data portability.

In connection with the processing of your personal data, you have the right to:

• Access the data we hold about you.
• Correct or complete inaccurate or false data.
• Ask for the deletion of the data if it is no longer needed for the purposes for which it was collected or processed, or if it has been collected illegally.
• Limit the data processing in special cases.
• Transfer the data.
• Object to the data processing, unless there are serious legitimate grounds for processing which outweigh your interests, rights, and freedoms, especially if the reason is an enforcement of legal claims.
• Contact The Office for Personal Data Protection or seek judicial remedy.

Your privacy is very important to us and we commit to ensuring the continuing confidentiality and security of all data we collect and process. We also require that all parties which have access to our data adhere to strict security standards and common industry practices. This protects your privacy, whether you are an EU resident or not.

Teams across our operations—legal, product design, marketing, project management and IT—continually seek to identify and deploy best-practice privacy solutions in order to ensure that the personal data of our users remains safe and secure.

Some examples include:

• Implementing a new Privacy Preference portal so that our users can view and correct their data profile, and see an overview of their specific privacy preferences for products they use. Users can also download their personal data from our system.
• Appointing a Data Protection Officer to monitor our compliance with the GDPR, provide advice where requested, and cooperate with the supervisory authorities. The Data Protection Officer can be contacted at: dpo@avast.com
• Coordinating with our business partners to ensure they comply with all applicable data protection laws, including the GDPR.
• Unifying the Avast Privacy Policy to include our companies like AVG, and Privax Ltd (HideMyAss!), and keeping our new style in line with the legal requirements of the GDPR by ensuring it is transparent and easy to understand.
• Training our employees whose jobs relate directly to handling user data to ensure that they thoroughly understand their new obligations and responsibilities, so that they can apply these new principles to their everyday work.

You can find the specific terms in our End User License Agreement (EULA) for each product and in the Avast Privacy Policy.

When you purchase a product or service from the Avast Group, billing is handled by a third-party service provider acting as our agent. If you purchase a paid product or service, our third-party service providers collect your name, email address, credit card number, and in certain circumstances, your billing address and phone number (collectively “Billing Data”). Your Billing Data is retained for as long as is necessary to complete your subscription payment. This data is kept separate from the other data we collect when you activate and use our products and services.

When you activate and use our products and services, we collect data needed to deliver the product functionality or the service. This includes information about your device, the network used to access the internet, your applications and other software programs running on your device, and websites you visit. We collect this data to provide antivirus detection and prevention, help you manage system optimization, provide technical support, and to provide the functionality of the product you have downloaded. We also use this data to measure the performance of the products and services.

For more details, refer to the Avast Privacy Policy.

We limit the collection and retention of your personal data to what is adequate, relevant, and necessary for our legitimate purposes (“data minimization”). Once these purposes have expired (plus any additional period that is permitted or required by law e.g., compliance with taxation laws), we either delete or de-identify your personal data from our systems. You can find more information in the Avast Privacy Policy.

Users with a paid or trial subscription and users who have registered a free product can log into our Privacy Preference portal and review how we process their personal data. Users of our free products and services, and users of our mobile apps whose contact details are not collected when downloading or activating an Avast product or app, cannot access the Privacy Preference portal because we do not have their contact details.

All users can modify some of their data use settings by going to Settings in their Avast product or app. The data use options you see will vary depending on the product or app. If you do not see a particular option, this means Avast is not using your usage data from that product for that purpose.

Avast only uses limited subsets of collected data for secondary uses such as third party analytics and advertising.
Refer to the Avast Privacy Policy for a full list of data uses.

We process your personal data because it is necessary for the functionality of the product or service; to handle billings and subscriptions; for security research; internal statistics; analyzing software performance and usage; analyzing business performance indicators; and marketing our products. We also need to use your personal data if you contact us for technical support because we need your email address to be able to respond to you.

We only store a limited amount of your payment information necessary to keep proper records of your orders. We never store your full credit card information ourselves. When you purchase products or services from us, your billing data (e.g., name, email address, phone number, and credit card number) are collected by our third-party service provider. When you purchase a mobile product, your billing data is collected by the app store where you purchased the product, such as Google Play and iTunes app stores.

The handling and storage of your billing data is governed by the privacy policy or terms of service published by the service provider. Your invoice shows the name of the third party who is processing your order. To review data held by a third party you need to contact the third-party company directly.

In general, no. We collect only data that is necessary to process your payment, for authentication of your account, or to provide product or service functionality. We reuse some of your data only when it is compatible with the original collection purpose, such as, for security research, system analytics, reporting on trends, in-product messaging, and cross-product development.

In situations where we need your freely given consent to process your personal data, we include details about the processing in the consent form. You have the right to withdraw your consent and we will stop the processing, however, withdrawing consent does not affect the previous processing conducted before the consent withdrawal. An example of when Avast may ask for your consent is when you have signed up for an Avast event or competition and we want to re-use your registration photo when marketing future events or competitions.

Generally, we do not share personal data with third parties. However, sometimes we need to use partners to help us with some of the data processing or provide us with a tool they developed in order to make our data processing more meaningful and effective. These are our contractual partners whom we bind by contract to keep your data safe and secure. As another rule, where possible, we minimize the range of data used for these purposes so that this data is - as long as it is technically and legally possible - not identifiable for any such partner we use.

Some examples of when we share personal data with third parties include:

• When you purchase products or services, your billing data (e.g., name, email address, phone number, and credit card number) is collected by our payment partner to process your purchase. Collection of this data is necessary to process the payment.
• When you contact technical support, your data (e.g., email address) is used by our support partner to provide you assistance with your problem.
• When you purchase products or services, your data (e.g., IP address) is processed by third party analytics tools to help us analyze and improve on the purchase process.
• When we have a software bug, a software crash, or a network failure, your data (e.g., IP address) is processed by third party analytics tools to help us understand the failure.

Our Privacy Preference portal provides an overview of the email and privacy preferences for products connected to the email address used for log in. If you would like to change the preferences you see there, follow the instructions below.

• Change email preferences: scroll to the bottom of an email received from Avast and click the Unsubscribe link.
• Change privacy preferences: go to Settings in your Avast product and locate Privacy options.

Our Privacy Preference portal provides paid or registered users of our Avast, AVG, and HMA! products and services with an overview of their basic data profile and allows them to submit corrections to their personal data stored by the Avast Group. It also gives users an overview of the specific privacy preferences for products they use and allows them to download their personal data in machine-readable format (.json).

The portal is only available to those users who register their email address with Avast when, for example, activating a paid product or service. Users of our free products and services, and users of our mobile apps whose contact details are not collected when downloading or activating the Avast app, will not be able to access the Privacy Preference portal because we do not have their contact details.

If you purchased products from Piriform and want to learn what personal data has been collected by them, contact Piriform Support directly.

Go to the Personal Data tab. Here you can view personal data that we have connected to the email address used for login. In the Consolidated Profile section, you can enter and submit corrections to your data. Click a text box, then type your changes and click Save Changes.

For technical reasons, the changes you make do not appear immediately. Status: in process is displayed until your corrections have been processed.

Go to the Personal Data tab, and click Export Data. Your data is exported and downloaded as a .json file. (This will normally appear in your computer’s Downloads folder.)

In the Privacy Preferences section there are generally four categories or purposes for which we process your data. In some cases, the specific product you use does not process data in a way that falls into one or more of these categories. In this case, the category or categories which do not apply to your product will not appear.

If you have questions, or need help using the Privacy Preference portal, contact Avast Support.

For questions specific to your data or rights according to GDPR, Avast's Data Protection Officer can be contacted at: dpo@avast.com