This Privacy Policy describes how we handle and protect your personal
data and the choices available to you regarding collection, process,
access, and how to update, correct and delete your personal data.
Additional information on our personal data practices may be provided in
product settings, contractual terms, or notices provided prior to or at
the time of data collection.
Please refer to our Products Policy describing specifics of personal
data processing within our products and services.
This Privacy Policy is intended for you if you are a user of our
products and services. If you are a business partner, the privacy notice
that applies to you is located here: Business partner policy.
Personal Data We Process
Personal data refers to any information relating to an identified or
identifiable natural person (“Personal Data”).
We may collect data or ask you to provide certain data when you visit
and use our websites, products and services. The sources from which we
collect Personal Data include:
We do not process special categories of personal data or deduce in any
way this type of information from data we collect within our products.
We organize the Personal Data we process into these basic categories:
Billing Data, Account Data, and Product Data.
Account Data includes information needed to set up and customize an account, such as your name, email address and username, and information connected with our services, such as license keys. For some of our products or some of their functions creating an account is necessary. See below an example of Account Data and what we use it for:
Account data |
What we use it for |
Name |
To customize our communications by addressing you by your name |
Email address |
To send you communications regarding your license and support |
Username |
To manage your account and facilitate your login into the service |
Subscription renewal date |
To tell us until when the account is valid |
Trial User |
To add a trial period before the account is charged |
An account is also necessary for some features of our Forum. You have the option to provide additional information within your account such as personal texts, disclose your birth date, identify your gender, instant messaging number, messenger username, or website name and address, disclose your physical location, and select an avatar or personalized picture. Any information you provide here will be visible to other users (including your total number of posts, and posts per day, the date and time you registered, your local time, and the date and time of your last activity).
We use your Personal Data for the following purposes and on the
following grounds:
On the basis of fulfilling our contract with you or entering into a
contract with you on your request, in order to:
On the basis of legal obligations, we process your Personal Data when it
is necessary for compliance with a legal tax, accounting, anti-money
laundering, legal order, sanction checks or other obligation to which we
are subject.
On the basis of our legitimate interest we will use your Personal Data
to:
For the above mentioned processing operations, we have balanced your interests against our interests. In any case, you have the right to object, on grounds relating to our particular situation, to those processing operations. For more details please see section Your Privacy Rights.
Before relying on our legitimate interests, we balanced them against
your interests and made sure they are compelling enough and will not
cause any unwarranted harm. With respect to the purposes below we
consider necessary to explain what our interests are in detail.
Systems, Apps and Network Security We process Personal Data for network
and information security purposes. In line with EU data protection law,
organizations have a recognized legitimate interest in collecting and
processing Personal Data to the extent strictly necessary and
proportionate for the purposes of ensuring network and information
security. This primarily covers the ability of a network or of an
information system to resist events, attacks or unlawful or malicious
actions that could compromise the availability, authenticity, integrity
and confidentiality of stored or transmitted data, or the security of
the related services offered by, or accessible via those networks and
systems.
Both as an organization in our own right, and as a provider of
cybersecurity technologies and services which may include hosted and
managed cybersecurity technology services, it is necessary for the
functionality of our systems, products and services and in our
legitimate interests as well as in our users’, to collect and process
Personal Data to the extent strictly necessary and proportionate for the
purposes of ensuring the security of our own, and of our users’
networks, devices, and information systems. This includes the
development of threat intelligence resources aimed at maintaining and
improving on an ongoing basis the ability of our networks and systems,
and those of certain partners, to resist unlawful or malicious actions
and other harmful events (“cyber-threats”).
The Personal Data we process for said purposes includes, without
limitation, network traffic data related to cyber-threats such as:
Sender email addresses (e.g., of sources of SPAM); Recipient email
addresses (e.g., of victims of targeted email cyberattacks including
phishing); Reply-to email addresses (e.g., as configured by
cybercriminals sending malicious email); Filenames and execution paths
(e.g., of malicious or otherwise harmful executable files attached to
emails); URLs and associated page titles (e.g., of web pages
broadcasting or hosting malicious or otherwise harmful contents); and/or
IP addresses (e.g., of web servers and connected devices involved in the
generation, distribution, conveyance, hosting, caching or other storage
of cyber-threats such as malicious or otherwise harmful contents).
Depending on the context in which such data is collected, it may contain
Personal Data concerning you or any other Data Subjects. However, in
such cases, we will process the data concerned only to the extent
strictly necessary and proportionate to the purposes of detecting,
blocking, reporting (by removing any personally identifiable elements)
and mitigating the cyber-threats of concern to you, and to secure your
network, device and systems. When processing Personal Data in this
context, we do not seek to identify a Data Subject.
In-product and Email Messages We have a legitimate interest for
messaging our users about possible security, privacy and performance
improvements and products that supplement or improve purchased products.
If you are our customer, we feel a responsibility to inform you about
security and utility improvements and possible problems to your device
and software that go beyond our product that is installed and provide
you with effective solutions relevant to these problems. We thus have
legitimate interest to optimize the content and delivery of this type of
communication to you so that you will be most likely to find them
relevant and non-intrusive at the same time.
Product and business improvement We have a legitimate interest to use
necessary Personal Data to understand user conversions, acquisitions and
campaign performance through various distribution channels, and users’
download, activation and interactions with our products because these
analytics help us improve functionality, effectiveness, security and
reliability of our products and business activities and develop new
products. This processing includes using third-party tools. Please refer
to our Products Policy for the list of third-party tools used for the
specific products and services.
We do our best to disconnect or remove all direct identifiers from the Personal Data that we use:
For paid products including antivirus, virtual private network (“VPN”),
and performance, your IP address is collected at the time at which your
product or service is being provided, for the purpose of facilitating
our billing process. Specifically, our third-party billing partner will
collect your IP address for its billing process; we do not store the IP
address from this process.
For free and paid products including antivirus, your IP address is also
processed for the purpose of downloading certain products, product
authorization, fraud and malware detection.
Please refer to our Products Policy for specific use of IP address by
our products and services.
We use your answers from surveys, in which you can participate, and
relevant Product Data to personalize communication and recommend our
relevant products for you.
We do not take any decisions solely based on algorithms, including
profiling, that would significantly affect you.
We only disclose your Personal Data as described below, within our group, with our partners, with service providers that process data on our behalf and with public authorities, as required by applicable law. Processing is only undertaken for the purposes described in this Privacy Policy and the relevant Products Policy sections. If we disclose your Personal Data, we require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.
We may use contractors and service providers to process your Personal
Data for the purposes described in this Privacy Policy and Products
Policy. We contractually require service providers to keep data secure
and confidential.
Such service providers may include in particular contact centers,
professional consultants (including for defence or exercise of our
rights), and marketing/survey/analytics/software suppliers.
Sometimes these service providers, for example, our distributors,
resellers, and app store partners, will be independent controllers of
your data and their terms and conditions, end user license agreements
(“EULA”) and privacy statements will apply to such relationships.
To be able to offer our products and services for free, we serve
third-party ads of advertising companies in our products for mobile
devices. To enable the ad, we embed a software development kit (“SDK”)
provided by an advertising company into the product, which then collects
Personal Data in order to personalize ads for you.
Please note that only few of our free products serve third-party ads.
You will be asked for consent during the installation process of such
product. For further information, including the exact scope of processed
Personal Data and names of relevant products, please refer to our
Consent Policy which includes the list of our advertising partners and
their privacy policy.
We may provide your Personal Data to our partners for the purpose of distribution, sale or management of our products. Our partners may use your Personal Data to communicate with you and others about Avast products or services. In addition, you purchase our products directly from our distributor, a reseller, or an app store. Because your relationship in these cases is with that distributor, reseller or an app store, such third party will also process your Personal Data.
Our websites use cookies to personalize your experience on our sites, tell us which parts of our websites people have visited, help us measure the effectiveness of campaigns, and give us insights into user interactions and user base as a whole so we can improve our communications and products.. While using our websites, you will be asked to authorize the collection and use of data by cookies according to the terms of the Cookie Policy.
In certain instances, it may be necessary for us to disclose your Personal Data to public authorities or as otherwise required by applicable law. No Personal Data will be disclosed to any public authority except in response to:
Like any other company, we too go through its own cycle of growth,
expansion, streamlining and optimization. Its business decisions and
market developments therefore affect its structure. As a result of such
transactions, and for maintaining a continued relationship with you, we
may transfer your Personal Data to a related affiliate.
If we are involved in a reorganization, merger, acquisition or sale of
our assets, your Personal Data may be transferred as part of that
transaction. We will notify you of any such deal and outline your
choices in that event, when applicable.
We are a global business that provides its products and services all
around the world. In order to reach all of our users and provide all of
them with our software, we operate on an infrastructure that spans the
globe. The servers that are part of this infrastructure may therefore be
located in a country different than the one where you live. In some
instances, these may be countries outside of the European Economic Area
(“EEA”). Regardless, we provide the same GDPR-level of protection to all
Personal Data it processes.
At the same time, when we transfer Personal Data outside of the EEA, we
always make sure to put in place appropriate and suitable safeguards,
such as standardized contracts approved by the European Commission, and
to ensure that your data remains safe and secure at all times and that
your rights are protected.
Situations where we transfer Personal Data outside of the EEA include
provision of our products and services, processing of transactions and
your payment details, and the provision of support services. Further, an
outside-EEA transfer may also occur in case of a merger, acquisition or
a restructuring, where the acquirer is located outside of the EEA (see
the Mergers, Acquisitions and Restructurings section).
We maintain administrative, technical, and physical safeguards for the protection of your Personal Data.
Access to the Personal Data of our users is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support to end users, or who service user accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave. Where an individual employee no longer requires access, that individual's credentials are revoked.
We store your personal information in our database using the protections described above. In addition, we utilize up-to-date firewall protection for an additional layer of security. We use high-quality antivirus and anti-malware software, and regularly update our virus definitions. Third parties who we hire to provide services and who have access to our users' data are required to implement privacy and security practices that we deem adequate.
Access to user information in our database by Internet requires using an encrypted VPN, except for email which requires user authentication. Otherwise, access is limited to our physical premises. Physical removal of Personal Data from our location is forbidden. Third-party contractors who process Personal Data on our behalf agree to provide reasonable physical safeguards.
We strive to collect no more Personal Data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
We have products and services designed specifically to assist you as a parent by providing child online protection features. In such cases, we will only collect and process Personal Data related to any child under 13 years of age, which you choose to disclose to us or otherwise instruct us to collect and process. Details about this processing is included in our Products Policy. Please refer to the specific applicable notices for this information.
The data we collect from you may be stored, with risk-appropriate
technical and organizational security measures applied to it, on
in-house as well as third-party servers in the Czech Republic, in the
United States, as well as anywhere we or our trusted service providers
and partners operate.
In all cases, we follow generally accepted standards and security
measures to protect the personal data submitted to us, both during
transmission and once we receive it.
The fulfillment of data subject rights listed above will depend on the
category of Personal Data and the processing activity. In all cases, we
strive to fulfill your request.
We will action your request within one month of receiving a request from
you concerning any one of your rights as a Data Subject. Should we be
inundated with requests or particularly complicated requests, the time
limit may be extended to a maximum of another two months. If we fail to
meet these deadlines, we would, of course, prefer that you contact us to
resolve the situation informally.
Where requests we receive are manifestly unfounded or excessive, in
particular because of their repetitive character, we may either: (a)
charge a reasonable fee taking into account the administrative costs of
providing the information or communication or taking the action
requested; or (b) refuse to act on the request.
For the free versions, we do not and will not maintain, acquire or
process additional information solely in order to identify the users of
our free products and services. This is simply not necessary for the
free versions of our products to be provided to you and function.
This means, when you use a free version of our products and services,
you may contact us with a request concerning your Personal Data. Please
note, consistent with our privacy by design, privacy by default and
minimization practices, we may not be able to identify you in connection
with your Product Data about your specific free products and services.
If such a situation occurs, please go to your product settings and
explore your options.
You can make certain choices about how your data is used by us by adjusting the privacy settings of the relevant product. Please check your product settings to set your privacy preferences there.
In order to make it easier for you to reach out to us and obtain the necessary information and action changes, corrections or deletions of your Personal Data, we have decided to provide you with a portal, which can show you the Billing Data and Account Data we have collected from you as well as your email preferences.
know what personal information is being collected about you; know whether your personal information is sold or disclosed and to whom; say no to the sale of personal information (right to opt out); request deletion of your personal information; information will be deleted if no exception applies (including our right to defend our lawful interests);
access your personal information; specific information shall be provided in a portable and, to the extent technically feasible, in a readily useable format but not more than twice in a 12-month period; equal service and price, even if you exercise your privacy rights (right to non-discrimination). Under California Civil Code § 1798.83, we are required to disclose to consumers the following information upon written request: (1) the categories of personal information that we have disclosed to third parties within the prior year, if that information was subsequently used for marketing purposes; and (2) the names and addresses of all such third parties to whom such personal information was disclosed.
We hereby disclose that we have not disclosed any such personal information as defined by the California Civil Code § 1798.83 regarding any California resident during the one-year period prior to the effective date of this Privacy Policy with the exception of:
third-party advertising cookies stated in our Cookie Policy. third-party ads in products listed in our Consent Policy. Right To Opt Out Of Sale If your personal information is subject to a sale you have the right to opt out from that sale.
A few of our free products serve third-party ads. You will be asked for consent during the installation process of such a product. For further information, including the exact scope of processed Personal Data and names of relevant products, please refer to our Consent Policy which includes the list of our advertising partners and their privacy policy. You can opt out from this processing by upgrading to a paid version of the same product or by uninstalling the product.
Please note that we do use third-party cookies for our advertising purposes as further described in our Cookie Policy where you can also find instructions on how to opt out of these cookies.
We will respect your decision to opt out for at least 12 months before asking you again to authorize the sale of your personal information.
You can submit your requests using contacts indicated below in the Contact Us section. If you are a California resident under the age of 18, you may be permitted to request the removal of certain content that you have posted on our websites. We will verify your request by matching your email address and, if necessary, other information you provide in your request against the email address and other information we have in our system. You can also designate an authorized agent to exercise these rights on your behalf. We may require that you provide the authorized agent with written permission to act on your behalf and that the authorized agent verify their identity directly with us.
AVG TuneUp for Windows, AVG TuneUp for Mac (collectively as “TuneUp”)
TuneUp is an ultimate tune-up program which speeds up and cleans your PC (Windows and Mac), updates installed apps, and fixes other problems.
TuneUp for Windows:
Service Data |
What we use it for and for how long |
Events and product usage (such as product version, product language, license type, days to expiration, number of potential problems or detected junk) |
Service Provision (up to 12 months)
In-product Messaging (12 months)
Product and Business Improvement
|
Device Data |
What we use it for and for how long |
Internal online identifiers (GUID, MIDEX, UUID, Device ID) |
Service Provision (up to 12 months)
In-product Messaging (12 months)
|
Information concerning device (platform, types of cleaning objects, objects size, app name, vendor, version, rating, certification) |
Service Provision (up to 12 months)
In-product Messaging (12 months)
Product and Business Improvement (up to 12 months)
|
Location (country, region, city, latitude, longitude, internet service provider, internet autonomous system) |
Service Provision (up to 12 months)
In-product Messaging (12 months)
Product and Business Improvement (12 months)
|
Applications (our other products, installed applications on a user’s computer) |
Service Provision (up to 36 months)
In-product Messaging (6 months)
Product and Business Improvement (up to 36 months)
|
The third-party analytics tool we use for TuneUp is Google Analytics. For further information regarding our third-party analytics partner, including its privacy policy, please refer to our Privacy Policy.