Privacy notice

Noralabs Privacy Policy

As the world’s most trusted antivirus software company, we aim to defend you against threats in cyberspace. To do so, we may have to collect your personal data to provide you with the best weapons and the most up-to-date security. We do not take your trust for granted. As a multinational company with its headquarters in the Czech Republic, we conform our data use to the European Union’s (“EU”) General Data Protection Regulation (“GDPR”), with effect from 25 May 2018. Therefore, in our Privacy Policy, we explain what we do, how we do it, your choices, and how we may need your cooperation to help you stay safe. You want to visit What Happens to Your Personal Data and its sections:

1.  How we use Personal Data
2.  Choice and Portal
3.  Billing Data
4.  Support
5.  Marketing
6.  Online Identifiers
7.  In-Product Messaging
8.  Service Data
9.  Account Data
10.  Live Events and Competitions

You want to review each of these sections on this page:

1. Our Policy’s Aims
2. Know Your Rights
3. When Our Privacy Policy Applies
4. When Our Privacy Policy Does Not Apply
5. Disclosing Your Personal Data to Third Parties
6. International Transfers of Your Personal Data
7. Sharing of Information among Noralabs Entities
8. Storage, Retention, and Deletion of Your Personal Data
9. Data Security
10. Other Jurisdictions
11. Policy Changes
12. Contacting Us
13. Data Protection Officer

 

1.         Our Policy’s Aims

1.1     The Noralabs Privacy Policy applies to Noralabs Software ("Noralabs") and unless specified, its subsidiaries, and any contractors, representatives, agents, and resellers while they are working on our behalf (collectively “we,” “us” or “our”).

1.2     Our Privacy Policy explains the processing of your personal data by us and establishes what information we collect, or which is provided to us, and how we use and protect your personal data in compliance with applicable law.

1.3     Personal data refers to any information relating to an identified or identifiable natural person (“data subject”), where this identification can be made directly or indirectly, by means of identifiers such as your name, identification number, email address, phone number, online identifiers such as cookies in some circumstances, your location, your genetic, economic, cultural or social identity or other information that is specific to you.

1.4     We do not mean information that only refers to a business corporation or organization. We also do not mean information that has been "anonymized," either by removing or de-identifying all specific identifiers. Anonymous data is not personal data when the anonymization is irreversible. When we refer to anonymous data, we mean data that cannot be reversed into personal data.

1.5     As a data controller, we commit ourselves to protecting the privacy of our website visitors and users of our products and services with respect to the processing of your personal data.

1.6     Where we collect and process your personal data, we will limit the collection and retention to what is adequate, relevant and necessary for our purposes and it will be kept in a form which allows for your identification no longer than necessary for the purpose for which we process your personal data. We refer to this as data minimisation.

1.7     Where we store your personal data for longer periods for statistical purposes, as permitted, we will use appropriate safeguards.  Applicable law defines ‘statistical purpose’ as any collection of personal data, where the result of processing is for aggregate data, so the personal data we collect from you is anonymized or pseudonymized. For example, the processing of your personal data may be for the business-related process of counting users, products, sales and various metrics.  We also share statistical data that has been anonymized and aggregated geographically and so, cannot be used to identify individuals, with third parties for trend analytics.

1.8     Our policy provides you with the legal bases for the collection of your personal data, lets you know how long personal data is stored and the reasons why, and how in some circumstances, they are necessary to retain. The length of this retention and how you may choose to request that we delete some or all your personal data and the consequences of the deletion are explained in this policy.

1.9     Some of the legal bases we rely on are contractual and service necessity, consent, legitimate interests and compliance with legal obligations.

1.10   We want you to have the necessary and relevant understanding of how and why we process your personal data so that you can make fully informed decisions on whether to allow us to retain your personal data or delete them. Section 2 explains your rights under applicable law and section 3 lets you know when the Privacy Policy applies.

1.11   We strive to keep the policy easy to understand and transparent, and so we refrain from technical information overload. If you wish to have further details on how we process your personal data, please contact us.

2.       Talk to Us about Your Data

2.1     We try to ensure that the users of our products and services always have an open line of communication with us. You can contact us at any time if you any questions, queries or requests about your personal data and, if European law applies to the processing of your data, about your right to request access to, modify, remove or export your data, or object to our processing of your data. We appreciate if you reach out to us first before you approach any supervisory authorities or courts.   

2.2     In order to make it easier for you to reach out to us and obtain the necessary information and action changes, corrections or deletions of your personal data, we have decided to provide you with a privacy preference portal.

2.3     Aside from the privacy preference portal, you can also submit your requests through more traditional channels. We will action your request within one month of receiving a request from you concerning any one of your rights as a data subject. Should we be inundated with requests or particularly complicated requests, the time limit may be extended to a maximum of another two months. If we fail to meet these deadlines, we would, of course, prefer that you contact us to settle the matter informally.

2.4     There could be instances where you are using our products or services, but we do not have your personal data, even though you have purchased our products or services. These include situations where you purchase our products from our service provider, a reseller, or an app store. Because your relationship in these cases is with that service provider, reseller or an app store, we do not actually have your personal data and will not be able to perform your request to access or delete your information. In such circumstances, please contact your service provider, reseller, or app store where you purchased the products or services, as this person is the primary controller of your personal data.

3.         When Our Privacy Policy Applies

            You should know that our Privacy Policy applies to the following situations and    activities:

3.1       Online activities

Any personal data collected from you when you visit our websites or use our products or services           

3.2       Phone contacts

Any personal data collected from you when you call us for sales, service, or customer support.

3.3       Offline contacts

Any personal data collected from you at a "live" or in-person event such as a trade show or promotion.

3.4       Reseller information

Any personal data, including contact information such as telephone number and email address, collected from Noralabs resellers or sub-resellers.

3.5       Other circumstances

Any personal data collected from you when you contact us by email or by clicking the "report a virus" link on our website or by requesting online service or support, or opening a support ticket, or through our media contact or news subscription services, or other occasions.

4.          When Our Privacy Policy Does Not Apply

4.1 Third Party Sites

•  Clicking on a thumbnail or profile link on our "Community" pages

This will take you to the third-party site from which the thumbnail or link was imported. By using a user ID from a third-party site, you agree to be governed by the terms and conditions, privacy policy, and data security policy of the third party. You also agree that we are not responsible for any loss or damage you may suffer from your dealings with the third party, or your use of or reliance on any of that party's content.

•  Submitting a search query

When you submit a search query you are indicating that you consent to having your search query and history transmitted to third party search providers and to being redirected to third party sites, where the privacy policies of the third parties apply.

•  Third party links

Third parties may also provide links to other websites and mobile applications (apps). Any sharing of data with third parties through access to and use of third party advertisements, their linked websites or mobile apps is not governed by this privacy policy, but instead is governed by the privacy policies of those third parties.

•  Third party privacy practices

We are not responsible for the privacy practices of third parties. Your use of a third-party site will be governed by the terms and conditions, privacy policy, and data security policy of the third-party site.

5.       Disclosing Your Personal Data to Third Parties

5.1     Disclosure to third parties

We are required to disclose your personal data to unrelated third parties in limited circumstances:

•  where necessary to satisfy a legitimate government request or order;
•  in compliance with a legal requirement by a court of law or in the public interest;
•  in response to a third-party subpoena, if we believe on the advice of our attorneys that we are required to respond;
•  where we hire a contractor to perform a service for us, such as product development or market research (but not if doing so would violate the terms of our privacy policy, or laws governing personal data);
•  if we obtain your permission; or
•  if necessary to defend ourselves or our users (for example, in a lawsuit).

5.2     We are also required in a few limited situations to share our users' personal information with third parties. For example, if you request a specific service or product from us, and if that product or service is administered by a third party working for us, we may share your personal information with the third party to respond to your request. This third party may also transmit back to us any new information obtained from you in connection with providing the service or product.

5.3     When you contact us or a third-party service provider working on our behalf, our service provider may suggest upgrades to our products or services. Our service provider may also suggest products or service that the service provider offers which are not Noralabs products or services. In this case, you will be clearly advised that the product or service is offered by the third party and not by Noralabs, and you will be subject to the terms and conditions, end user license agreement (EULA), and privacy policy of the third-party service provider.

5.4     We offer third party browsers to new users of certain products, such as our antivirus products.  Whether you install the third party browser is in your discretion.

5.5     For certain mobile products, we offer third party ads.  While we do not share your personal data with the ad network, data from your device including its IP Address, is used by the ad network to enable the delivery of the ads.  If you do not want to view third party ads, you have the choice to change to a paid version of the product.  If you are served a third party ad and you click on the ad, your data will be governed by the relevant third party whose ad you clicked on.

5.6     We reserve the right to store and use the information collected by our software. We may publish or share that information with third parties that are not part of the Noralabs Group, but we will only ever do so after anonymizing the data.

6.       International Transfers of Your Personal Data

6.1     We are a global business that provides its products and services all around the world. In order to reach all of our users and provide all of them with our software, we operate on an infrastructure that spans the globe. The servers that are part of this infrastructure may therefore be located in a country different than the one where you live. In some instances, these may be countries outside of the European Economic Area (“EEA”), where the level of protection provided by the laws of these countries may be different than the high standard enshrined in the GDPR. Regardless, we provides the same GDPR-level of protection to all personal data it processes.

At the same time, when we transfer personal data outside of the EEA, we always make sure to put in place appropriate and suitable safeguards, such as standardized contracts approved by the European Commission, which legally bind the receiving party to adhere to a high level of protection, and to ensure that your data remains safe and secure at all times and that your rights are protected.

Situations where we transfer personal data outside of the EEA include provision of our products and services, processing of transactions and your payment details, and the provision of support services.

7.       Sharing of Information among Noralabs Entities

7.1     Our data collection and management practices do not vary by location. We follow the same “data minimisation” procedure with respect to all personal data in our possession, regardless of the jurisdiction from which it was collected, and regardless of whether the data is transferred from one member of the Noralabs Group to another.

7.2     We reserve the right to store and use the information collected by our software and to share such information among the Noralabs Group to improve our current and future products and services, to help us develop new products and services, and to better understand the behaviour of our users.

7.3     Any reference in this policy to “Noralabs Group” means Noralabs, its, direct and indirect, parent companies and any company that is, directly or indirectly, controlled by or under common control with Noralabs or its parent companies.

8.       Storage, Retention, and Deletion of Your Personal Data

8.1     Storage of Information

          We store information that we collect on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf.

          The data on our servers can only be accessed from our physical premises, or via an encrypted virtual private network (“VPN”). Access is limited to authorised personnel only, and company networks are password protected, and subject to additional policies and procedures for security.

8.2     Access by our contractors

          We or our contractors, subsidiaries, affiliates, representatives, agents, or resellers who are working on our behalf undertake regular maintenance of your personal data. All third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information. This means your personal data cannot be shared with others, and there must be no direct marketing by the third parties.

Noralabs

8.3     Retention and Deletion of Your Personal Data

          We retain data for limited periods when it needs to be kept for legitimate business or legal purposes. We collect data when you purchase and as you use our services. What we collect, why we collect it, and how you can manage your information. If you purchased a service or registered an account with us.  Also, you can manage in the product settings how certain data is used. 

For each type of data, we set retention timeframes based on the reason for its collection and processing.  Some data you can delete whenever you like, and some data is deleted automatically as soon as we do not need it for our legitimate business or legal purposes. We do not delete data that we need for our legitimate or legal purposes, even upon request, until the purposes expire. We also take steps to anonymize certain data within set time periods. For example, we strive to anonymize IP Addresses by substituting city and country after thirty days.  We may also amend the personal data we keep in such a way that you cannot be identified, for example, by hashing. We may retain a “key” to the hashing, but we will securely store it separately from the hashed data.

When the data is deleted, we remove it from our servers or retain it only in anonymized form.

The following describes why we hold onto different types of data for different periods of time.

- We keep your data for the life of your subscription or account, if it’s necessary for the service (such as for activation, billing, support, communication) or if it helps us understand how users interact with our features and how we can improve our services.  

- If you registered an account with us, we will keep data in your account until you choose to delete the account.

- If you subscribe to a recurring newsletter, we will keep your information to continue to fulfil your subscription request. In the case of the Forum, the Support Portal, or news and blogs, your account data is kept active until you delete it.

         

We have business and legal requirements that require we retain certain personal data, for specific purposes, for an extended period of time. For example, when our authorized partner processes a payment for you, or when you make a payment, your data will be retained for as long as required for tax or accounting purposes. Reasons we might retain some data for longer periods of time include:

•  Security, fraud & abuse prevention
•  Financial record-keeping
•  Complying with legal or regulatory obligations, including for investigations, enforcement, or when legally actionable
•  Ensuring the continuity of our services
•  Direct communication with you and our authorized partners, such as for service activation, billing, support, and marketing. 

9.     Data Security

9.1   Safeguards for protection of personal information

We maintain administrative, technical, and physical safeguards for the protection of your personal data.

9.2   Administrative safeguards

Access to the personal data of our users is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support to end users, or who service user accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave. Where an individual employee no longer requires access, that individual's credentials are revoked.

9.3   Technical safeguards

We store your personal information in our database using the protections described above. In addition, we utilize up-to-date firewall protection for an additional layer of security. We use high-quality antivirus and anti-malware software, and regularly update our virus definitions. Third parties who we hire to provide services and who have access to our users' data are required to implement privacy and security practices that we deem adequate.

9.4   Physical safeguards

Access to user information in our database by Internet is not permitted except using an encrypted virtual private network (VPN). Otherwise, access is limited to our physical premises. Physical removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.

9.5   Proportionality

We strive to collect no more personal data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.

9.6   Notification in the event of breach

In the unlikely event of a breach in the security of personal data, we will notify all users who are actually or potentially affected.

We may tailor the method of notice depending on the circumstances. Where the only contact information that we have for you is an email address, then the notification will necessarily be by email. We may also elect to give you notice via our in-product messaging system. Where we believe there are affected users for which we have no contact information on file, we may give notice via publication on our company website.

We reserve the right to delay notification if we are asked to do so by law enforcement or other authorities, or if we believe that giving notice immediately will increase the risk of harm to our user body overall.

10.     Other Jurisdictions

Residents of the Russian Federations

We collect and process personal data on the territory of the Russian Federation in strict compliance with the applicable laws of the Russian Federation.

We collect and process personal data (including sharing it with third parties) only upon the consent of the respective individuals, unless otherwise is provided for by the laws of the Russian Federation. You will be asked to grant your consent by ticking the respective box / or clicking “I accept” button or through similar mechanism prior to having access to the site, and/or when submitting or sharing the personal data we may request. We collect and use your personal data only in the context of the purposes indicated in the consent to processing of personal data.

We (directly or through third party contractors specifically authorized by us) collect, record, systematize, accumulate, store, actualize (update and amend), extract personal data of the Russian Federation citizens with the use of databases located on the territory of the Russian Federation, except as otherwise permitted by Russian data protection legislation. We may process personal data of Russian citizens using databases located outside of the Russian Federation subject to compliance with Russian data protection legislation.

We undertake all the actions necessary to ensure security of your personal data.

You are legally entitled to receive information related to processing your personal data. To exercise this right, you have to submit a request by e-mail at: customerservice@avg.com with the headline “PRIVACY REQUEST” in the message line.

You have the right to revoke the consent at any time by sending us an e-mail at: customerservice@avg.com with the headline “PRIVACY REQUEST” in the message line. Once we receive the revocation notice from you we will stop processing and destroy your personal data, except as necessary to provision the contract or service to you. However, please note once you have revoked your consent, we may not be able to provide to you the products and services you request, and may not be able to ensure proper work of our products.

We do not transfer your personal data to the countries that under Russian law are not deemed to provide adequate protection to the individuals’ rights in the area of data privacy.

We do not offer, sell or otherwise make available our products or services that have access to, collect and process (or allow us to do the same) personal data of third parties in the Russian Federation without the consent of such third parties.

If any provisions of this Policy contradict the provisions of this section, the provisions of this section shall prevail.

Your California Privacy Rights

Under California Civil Code § 1798.83, we are required to disclose to consumers the following information upon written request: (1) the categories of personal information that we have disclosed to third parties within the prior year, if that information was subsequently used for marketing purposes; and (2) the names and addresses of all such third parties to whom such the personal information was disclosed. We hereby disclose that we have not disclosed any such personal information regarding any California resident during the one-year period prior to the effective date of this Privacy Policy. California residents seeking additional information on this requirement or our privacy practices in general may write to us at customerservice@avg.com with the headline “PRIVACY REQUEST” in the message line. They may also send paper mail to Noralabs Software s.r.o., Pikrtova 1737/1a, 140 00, Prague 4, Czech Republic. Please write "Attention: PRIVACY" in the address.

11.     Policy Changes

11.1   Updates to our Privacy Policy will occur from time to time and we will publish these changes on our website.

11.2   We suggest that you check our Privacy Policy every so often to keep yourself informed.

11.3   Where the changes are major, we will notify you by email if you have an Noralabs account or through posts on our website.

12.     Contacting Us

12.1   We are registered as Noralabs Software.

12.2   Dispute resolution

We make every effort to conduct our business in a fair and responsible manner. In the unlikely event of a disagreement or complaint about the way that your personal data is handled, please contact us.

12.3     Contact Details

•  You can always reach us by email.

Please type “PRIVACY REQUEST” in the message line of your email so we can have the appropriate member of the Noralabs team respond.

•  If you prefer, you can send paper mail to NORALABS Software. Be sure to write "Attention: PRIVACY" in the address so we know where to direct your correspondence.

13.     Data Protection Officer

13.1   As required under the GDPR, we have a data protection officer (DPO) to monitor our compliance with the GDPR, provide advice where requested and cooperate with supervisory authorities. You can contact our data protection officer via dpo@avg.com.

What Happens to Your Data

Let us take you into the intricacies of what happens to your data. You may like to navigate directly to the sections as follows:

1.  How we use Personal Data
2.  Choice and Portal
3.  Billing Data
4.  Support
5.  Marketing
6.  Online Identifiers
7.  In-Product Messaging
8.  Service Data
9.  Account Data
10.  Live Events and Competitions
11.  How We Use Personal Data We Collect

The personal data we collect may come directly from you or we may obtain it from other sources, such as our service providers and resellers.

We want you to understand the types of personal data we process and if we do not obtain your personal data directly from you, the source we used, and the specific data collected.

We collect personal data for these reasons: to process the purchase of a product or service; to provision the product or service to you; and for the legitimate interests of us. We use no more than the minimum amount of personal data needed for the processing. We also use personal data only when the processing is necessary for our or our third party’s legitimate interests.

When our use of your personal data is based on our legitimate interests and is compatible with the provision of service, you have the right to object. In some cases, you may exercise your right to object directly, for example you may unsubscribe to email marketing messages or you may choose to turn off data use in the applicable product settings. Noralabs is a global business and we have operations and personnel around the world who process personal data. We have standard contractual clauses in place among its affiliates which govern the transfer and use of personal data.

In the following sections, we explain the personal data we collect. Please be mindful that some of the categories may collect the same personal data.

1.  Choice and Portal

You can make certain choices about how your data is used by us. For example, if you have purchased a product or service from us, you will be able to choose how data collected from you is used. This choice is made in the relevant product settings. Please note, if you purchased a product from us and in your product settings you do not see one or more of these choices, it means your collected data is not being used in that particular category. The choices are:

· Cross-product direct marketing: – when we offer you another product from a company within our group.

· Cross-product development – when we collect data from one product and use it for the development of another product.

· Third Party Ads – when we offer any third-party products.

· Third party analytics – when we share your data with a third party for analytics, such as purchase optimization, crash reporting, and trend analytics. Note, all free users and paid customers can choose to turn of this feature.

Likewise, if you purchased our products from a reseller or a distributor (e.g. business products) or you purchased a mobile product from an app store (e.g. Google Play or Apple App Store) we will not display your Billing Data in the portal because we do not have it; the reseller, distributor, or app store does. You would need to request a view of your Billing Data from your reseller, distributor, or app store. Also, for the Billing Data that we do collect, as we store it and use it separately from your Service Data, we will not display any of your Service Data in the portal.

If you have purchased a product directly from us, through one of its third party service providers, or you have requested support from one of our technical support providers, or you have registered an Account with us, you will need to use the same email address you previously provided us to login to the portal. If you have never purchased a product or provided us with your email address (e.g. you are a free user, a mobile user, or a mobile paid customer), you will not be able to access the portal, because we do not have any Billing Data or email address collected from you.

The portal is for your convenience only. It is generally read only. This means, you are able to see your choices but not able to edit your choices in the portal. To edit your choices, you need to do so in the applicable product settings.

1.  Billing Data

Paid Products and Services for your personal computer

When you purchase "premium" or pay for products or services for your personal computer, the billing is handled by a third-party service provider. The service provider is acting as our agent; thus, you will be making your purchase from the service provider directly, and not from us.

If you purchase a "premium" or paid product or service, we, through our third-party service providers, will collect your name, email address, credit card number, and in certain circumstances, your billing address and your phone number (collectively “Billing Data”). Your Billing Data will be retained for as long as is necessary to complete payment, including any renewal periods.

Your Billing Data is collected by our third-party service providers only where necessary for the purposes of processing or refunding your payments, or so that they can communicate with you. Your Billing Data may also be retained for legal reasons, for example, taxation.

The third-party service provider may transmit your Billing Data (excluding credit card number) to us. We use the Billing Data to create a record of its software installations or service requests.

We may process and store the Billing Data we receive, to verify your registration or license status, to contact you about the status of your account, or for renewal of your subscription, if applicable. We process the Billing Data as necessary for the provision of the contract and service.

In all cases where your credit card number is processed by a third-party service provider, we have determined that the service provider follows data privacy and security procedures that we deem adequate. Some of these third-party service providers are subject to the enhanced data privacy rules of the European Union. Others have self-certified annually to comply with the EU-US Privacy Shield or the Swiss-US Privacy Shield.

In all cases such third-party service providers have executed agreements with us promising not to use your personal data for their own marketing purposes, and not to share this information with other parties for their unrestricted use.

We store your Billing Data separately from your Service Data (defined below).

We may change service providers as we carry out our business. In that case, your Billing Data will be transferred from one service provider to another. When this happens, you will be informed of such transfer.

Paid Products and Services for your mobile device

When you purchase "premium" or pay for products or services for your mobile device, the billing is handled by a third-party app store, such as Google Play and Apple iTunes. You will be making your purchase from the third party app store directly, and not from us.

Your Billing Data is collected by the third party app store and your Billing Data is not shared with us.

Paid Products and Services for your business

When you purchase "premium" or pay for products or services for your business, the billing is handled by our reseller or distributor. You will be making your purchase from the reseller or distributor directly, and not from us.

Your Billing Data is collected by the reseller or distributor. Your Billing Data, excluding your credit card number, may be shared with us. We use the Billing Data to create a record of the software installations.

We may process and store the Billing Data we receive, to verify your registration or license status. But, generally, we will not contact you. Your reseller or distributor will contact you about the status of your account, or for renewal of your subscription. We process the Billing Data as necessary for the provision of the contract and service.

The handling of your Billing Data (excluding your credit card number) shared with us by the service provider, reseller, or distributor will be governed by this Privacy Policy and the End User License Agreement applicable to the product or service from us. Your Billing Data inclusive of your credit card number collected by the service provider, reseller, distributor, or third party app store to process your payment and renewal will be governed by any privacy policy or terms of service published by the applicable third-party service provider, reseller, distributor, or the third party app store.

In some instances, we change resellers or distributors as we carry out our business. In that case, your Billing Data will be transferred from one reseller or distributor to another. When this happens, you will be informed of such transfer.

What about Free Products?

You are not required to disclose Billing Data to download our free products and services for your PC and mobile device, which includes free AntiVirus,.

1.  Support

We directly or through our third party technical support service provider(s) collect your name, email address, phone number(s), home or work address, or other information by which we may identify you while providing technical support. We need this data for verification and to communicate with you about your support request.

In cases where you request individual support or assistance we may ask you to provide information about your device or computer, your means of accessing the Internet, or information about your internet service provider. To provide the technical support we also collect data that may include your email address, IP Address, information about your hardware and software, the URLs of sites you have visited, files stored on your computer (including potentially dangerous or infected files), email messages (whether stored on your computer or elsewhere), information regarding senders and receivers of email messages, and the like. If you request support, we may offer you the option of accepting a remote session in which we take control of your device or computer in order to help you resolve the issue.

Information collected while providing the support will not be used for secondary purposes, other than, we may use your email address to send you information about our other products or services. If you contact us for support, we may suggest that you upgrade or update products or services. Information and data connected to provision of support will be retained by us to have a history of support requests and for support research purposes.

E. Marketing

When we collect your email address, we may market our other products and services to you. You may choose to unsubscribe from future email marketing by following the instructions in the email.

Generally, we do not serve third party ads in its products for the personal computer. We may serve third party ads in our products for mobile devices.

To be able to offer you our services for free, we show third party ads within your mobile apps through popular ad networks, which are listed below. We display an AdChoices logo on top of every ad. You can tap the icon to learn more about the ad network.

To enable the ad, we embed a third-party software development kit (SDK) for these ads. The SDK code is provided by third party ad agencies or networks.

Data of our mobile users remain anonymous to us and to the third party ad agencies. However, the ad agencies’ SDK code will collect data to tailor ads to you, such as the third-party apps you installed on your device, your Android advertising identifier, your IP Address, your device's operating system details and MAC address, and other statistical and technical information.

1.  Online Identifiers

GUID

The GUID is a randomly generated number that we assign to each installation of software. For paid customers of products and services for your personal computer, the GUID is connected to your Billing Data. For free users of products and services for your personal computer and your mobile deice, and for paid customers of business and mobile products and services, as there is no Billing Data collected by us, the GUID is disconnected from personal data.

The GUID is used for many purposes, which will be described in this Privacy Policy.

 

Cookies

Our websites use cookies to acquire data that may be used to determine your physical location via your Internet Protocol address (“IP Address”) and automated geolocation techniques, or to acquire basic information about the computer, tablet, or mobile phone that you use to visit us. See description below. By using our websites, you authorize the collection and use of data by cookies according to the terms of this privacy policy.

We use common information-gathering tools, such as cookies, pixel tags and Web beacons, to collect information about your general internet usage. When you visit our websites, a cookie file is stored on your browser or the hard drive of your device. Technologies such as: cookies, beacons, tags and scripts are used by us and our marketing partners, affiliates, or analytics or service providers (e.g. payment processor, etc.). These technologies are used in analyzing trends, administering the site, tracking your movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. You authorize us and agree that we may place cookies or tracking technologies on your device.

Across all of our websites, we may use the following cookies or tracking technologies:

Cookie	Purpose	Party	Cookie Provider
Google API	Functionality	3	Google
Analytics	analytics & tracking	1	us
AdWords	retargeting	3	Google
DCM	retargeting	3	Google
Optimize	analytics & tracking	1	us
Hotjar	analytics & tracking	1	us
Optimizely	analytics & tracking	1	us
Visual Website Optimizer	analytics & tracking	1	us
Facebook	retargeting	3	Facebook
LinkedIn	retargeting	3	LinkedIn
My Target	retargeting	3	VKontakte
Outbrain	retargeting	3	Outbrain
A8Fly	affiliate	1	us
AXM	retargeting	3	MediaMath
Commision Junction	affiliate	1	us
Bing	retargeting	3	Microsoft
Captera	retargeting	3	Captera
Criteo	retargeting	3	Criteo
Ginga	retargeting	3	Signal
Softonic	retargeting	3	Softonic International
SalesForce	retargeting	3	salesforce.com
Sklik	retargeting	3	Seznam
Hubspot	CMS	1	us
Twitter	retargeting	3	Twitter
SoundCloud	podcasts	3	SoundCloud
Iron Source	retargeting	3	Ironsource
apex__NoralabsLocale	locale switcher	1	us
apex__avgLocale	locale switcher	1	us
hidemyassComLocale	locale switcher	1	us
apex__language	locale switcher	1	us
avgLocale	locale switcher	1	us
geoip	locale switcher	1	us
sat_track	analyticst & tracking	1	us

Please note that not all of our websites use all of these cookies.

We may partner with a third party either to display advertising on our site or to manage our advertising on this site and other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. By continuing to browse our websites, you are aware of the use of cookies, as described in this Privacy Policy. If you do not wish to allow the use of cookies, you can disable them through your browser settings. We do note, however, that not all browsers across all platforms may support this functionality. Furthermore, if you disable cookies, our websites may not function properly or your access to our websites and their features may be affected or restricted.

IP Address

We collect your IP Address to provision your product or service. We also use the IP Address with mobile products to serve ads. We strive to replace your IP Address within sixty days of collecting it with your city and country or we hash your IP Address.

1.  In-Product Messaging

We sometimes communicate with you using a technique known as "in-product messaging." In-product messaging may be used in the following scenarios:

· when your license is about to expire;

· when you update or upgrade a program;

· when a virus database is updated;

· when you visit an infected webpage;

· when a monthly security report is prepared for you; or

· in other cases where user communication is necessary for provision of our products or services.

We also use in-product messaging to notify you of different products or upgrades to existing products and services. Data used for in-product messaging is connected to the GUID for in-product messaging to function. For free users, this data remains anonymous and for paid customers, the data is pseudonymized.

Billing Data is however not used for in-product messaging. In-product messaging also permits your computer or device to transmit information to our servers including technical data, virus definitions, security, and technical information about your hardware.

The data may be used to offer you a discount on a new product based on your past purchases. Data is also used for analytical and statistical purposes, product updates, quality control, and in-product and feature design. Premium or paid customers can manage In-product messaging for marketing purposes in the applicable product settings.

1.  Service Data

Service Data is collected from your use of our websites, products, and services.

Service Data is used primarily to provision the products or services. Service Data is also used for the compatible and legitimate uses of research, to compile statistics, analytics, aggregated reporting, product development, In-product messaging, and direct marketing. Before Service Data is used for secondary purposes, pseudonymize or anonymize the Service Data.

For all Service Data, we practice “data minimization”, which means we limit our collection and retention of your data to only what is necessary, adequate and relevant to achieve our processing purpose.

Below we list our products and the Service Data that each collects. There may be other products (current or future) that require us to collect certain types of personal data to enable full product functionality. We will always inform you prior to collecting any such information, usually in the terms of service or end user license agreement (EULA) or the privacy notice applicable to the product or service. Personal data collected as part of Service Data is necessary to the provision of the product functionality. When personal data is no longer needed we limit or stop using it in line with the minimization principle. For example, your email, the URLs of websites you have visited, your files, are scanned for malware detection and protection; then we remove your email address and other personal data or we hash any identifiers turning the Service Data into pseudonymized or anonymized data for paid users and anonymized data for free users before we re-use the Service Data for research, analytics, statistics, reporting, cross-product development, in-product messaging, and marketing..

The primary processing of Service Data will be to perform the contract to provision the product or service to you. The secondary processing of Service Data will be as compatible for our legitimate interests to provide you the benefits of research, analytics, cross-product development, and cross-product in-product messaging. If we need to process your Service Data for a purpose that requires consent, we will notify you separately of this and the general rules of providing and withdrawing consent shall apply.

Website Log Files

We collect the information in the form of server log files that tell us generally about the visitors to our site, which may include general geographic regions, length of visits, the webpages you request, the URLs of the site you were viewing before clicking on our websites, your IP Address, cookies, the type of web browser and operating system you are using, click-stream data and so forth.

If a user downloads a product from our website, we connect the installation GUID with the user’s website log. We use this information to fulfil our legitimate interests, which are to analyse overall trends, administer our webpages, track users’ use of the webpages, help us improve our website(s), and to better understand the users’ experience on our website(s) when downloading and activating our products.

Device and Network Information

We may collect information about the computer or device you are using, our products and services running on it, and, depending on the type of device it is, what operating systems you are using, device settings, application identifiers (AI), hardware identifiers or universally unique identifiers (UUID), software identifiers, IP Address, location data, cookie IDs, and crash data (through the use of either our own analytical tools or tolls provided by third parties, such as Crashlytics or Firebase). Device and network data is connected to the installation GUID.

We collect device and network data from all users. We collect and retain only the data we need to provide functionality, monitor product and service performance, conduct research, diagnose and repair crashes, detect bugs, and fix vulnerabilities in security or operations (in other words, fulfil our contract with you to provision the service).

We also use your device and network data for in-product-messaging and cross-product development. Premium or paid customers can manage in-product messaging for marketing purposes and cross-product development in the applicable product settings.

We collect information in the form of statistics through our own or third-party analytics about which apps have been installed or uninstalled, how they are used, the number of active users, and the impact apps have on device performance and battery consumption (collectively, “AppInfo”). From this we study device and network behaviour, purchasing history and trends to measure the relative success of our products over time (in other words, serve our legitimate interests).

Analytics and Crash Reporting

We use analytical tools, including third party analytical tools, which allow us to, among other things, identify potential performance or security issues with our products, improve their stability and function, understand how you use our products, and websites, so that we can optimize and improve your user experience, as well as evaluate and improve our campaigns. While we generally prefer using our own analytical tools, we sometimes need to partner with other parties, which have developed and provide us with their own tools and expertise. Below, we list these partners, their tools which we use, as well as additional information on where and how we use them.

Noralabs Analytics

Noralabs Analutics is a threat monitoring service. Information about a threat detected in your device is sent to our server, so we can observe how the threat spreads and block it. This is vital for the functioning of our service and our ability to keep your device secure.

When you download our products and services, you will automatically be opted into our Analytics, and your device is able to provide security-related information when needed. You may choose to opt out via product settings. By remaining in our Analytics, you actively help yourself and others in the Noralabs community to experience a higher standard of security.

Our security experts process the data acquired by our Analytics to update our databases of viruses and infected websites, and for historical and statistical purposes to understand where the threat is coming from, the levels of threat per country, how many persons visited the malicious website and the number of people we protected. We process this data for the purposes of antivirus functionality and to protect your device.

The data is collected from your entire submission process online. For both desktop and mobile users, this includes URLs of visited websites, IP Addresses, approximate geolocation of user or Internet Service Provider (ISP), device IDs together with the information on the nature of the detected threat. We collect this information to ascertain the source of the infection.

Geolocation gives the approximate location, for example, the latitude and longitude of the IP Address. However, if you access a malicious website while using Wi-Fi, then your IP Address can be location data. Depending on your ISP, your IP Address may indicate an exact location or the location of the ISP office or your location at a country level.

We may provide a method for manual submission of suspected malware, or a way to add more information about the source of an infection. Files and information submitted through this process will be retained as long as is necessary for security research and providing you protection.