Kaspersky Security Network Statement

A. INTRODUCTION

Please read this document thoroughly. It provides important information that you should be acquainted with before continuing to use our services or software. We reserve the right to modify this Statement at any time by making changes to this page.

AO Kaspersky Lab (further Kaspersky Lab) has created this Statement in order to inform and disclose its data gathering and dissemination practices for Kaspersky Internet Security for Android.

Kaspersky Lab has a strong commitment to providing superior service to all of our customers and particularly respecting your concerns about Data Processing.

This Statement contains numerous general and technical details describing the steps we take to respect your Data Processing concerns. Meeting your needs and expectations forms the foundation of everything we do – including protecting your Data.

The Kaspersky Security Network service allows users of Kaspersky Lab security products from around the world to help facilitate identification and reduce the time it takes to provide protection against new ("in the wild") security risks targeting your computer, which helps to identify new threats and their sources and to help improve a user’s security level. Such information is utilized by Kaspersky Lab for no other purposes but to enhance its security products and to further advance solutions against malicious threats and viruses.

By participating in Kaspersky Security Network, you and the other users of Kaspersky Lab security products from around the world contribute significantly to a safer Internet environment.

Legal Issues (if applicable)

Kaspersky Security Network may be subject to the laws of several jurisdictions because its services may be used in different jurisdictions, including the United States of America. Kaspersky Lab shall disclose information without your permission when required by law, or in good-faith belief that such action is necessary to investigate or protect against harmful activities to Kaspersky Lab guests, visitors, associates, property or to others. As mentioned above, laws related to data and information processed by Kaspersky Security Network may vary by country.

Kaspersky Security Network shall duly inform the users concerned when initially processing the above-mentioned information of any sharing of such information and shall allow these Internet users to opt in (in the EU Member States and other countries requiring opt-in procedures) or opt out (for all other countries) online from the commercial use of this data and/or the transmission of this data to third parties.

Kaspersky Lab may be required by law enforcement or judicial authorities to provide some information to appropriate governmental authorities. If requested by law enforcement or judicial authorities, we shall provide this information upon receipt of the appropriate documentation. Kaspersky Lab may also provide information to law enforcement to protect its property and the health and safety of individuals as permitted by statute.

B. RECEIVED INFORMATION

In order to identify new and challenging data security threats and their sources, as well as threats of intrusion, and to take prompt measures to increase the protection of the data stored and processed by the user with a computer, You agree to automatically provide the following information:

1. Information about the wireless network connection being used by the computer: the name of the wireless network, the checksum (MD5 and SHA256) of the MAC-address of the access point, flag indicating whether the computer is running on battery power or a stationary power supply, DNS flag, the type of the computer, information about wireless network type and security, the unique identifiers, made using a unique identifier of the computer, unique identifier of the software installation, name of the wireless network and MAC-address of the access point, information about the available wireless networks: the name of the wireless network, the MAC-address of the access point, information about the wireless network’s security and signal quality, the category of the wireless network specified in the software, DHCP settings, the checksum (SHA256) of the IP-address (IPv4 and IPv6) of the computer, the information about configuration used for the connection to the access point.

2. Information about the hardware and software installed on your computer: information about version and type of operating system installed, information about the computer model, the ID and version of the computer firmware, the name of manufacturer, administrator rights availability.

3. Information about all scanned actions and objects: name, hash sum (SHA256, MD5) and size of the object, URL, from where object was downloaded, redirection URL, protocol id and port number, the name of the detected threat according to the classification of the Rightholder, version and type of record in the anti-virus database for which a result was delivered after scanning, full path to the object being scanned (on the computer) and the code of the path template, ID of the object type, ID indicating that the object is a PE file, flag for the potential maliciousness of the scanned object, the result of processing the file.

4. The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, value of the HTTP referrer.

5. Information about the Rightholder's software installed and the status of your computer's antivirus protection: the version and the type of software, version of antivirus database, the unique software installation identifier, and a unique computer identifier.

In order to optimize testing methods and reduce the number of false positives when checking for installed applications and downloaded files provide the following information:

6. Information about downloaded and installed applications: the name of the application installer (APK) and the path to it, checksums (MD5) of the application installer (APK) and the DEX file located inside the installer, name and version of the installed application, information from the application manifest files, a flag indicating the application is located in the system catalog, the user ID in KPC.

7. Information about the application's digital certificates: the certificate's serial number, the checksum (SHA256), information about the certificate's public key and the name of the certificate issuer, name of the company that signed the certificate, issue and expiry date of the certificate, the version of the application code and the version of the Software.

8. In order to fight against adware, the User agrees to automatically provide the following information:

- The date and the time of the appearance of the adware covering up the active user application.

- Information about the adware, the name of the application installer (APK) and its path, the checksums (MD5) of the application installer (APK) and of the DEX-file located in the installer, the name of the application being installed.

- Information about the covered up application, the name of the application installer (APK) and its path, the checksums (MD5) of the application installer (APK) and of the DEX-file located in the installer, the name of the application being installed.

- Information about the size of the adware window, information about the size of the device screen.

To improve the quality of the Software, the User agrees to automatically provide the following information:

9. The checksum (SHA256) based on the MAC-address of the computer and the User’s unique identifier in the Rightholder’s services, the checksum (SHA256) of the computer name, the type and the manufacturer name of the computer, the type of the installed operating system, the type and version of the component that determines the characteristics of devices in the home wireless network.

When participating in KSN, the User agrees to provide the following information for all purposes mentioned above:

- The unique software installation identifier;

- The full version of the installed software;

- The type identifier of the installed software;

- The unique identifier of the computer with the installed software;

- The unique identifier of the user at the Web-Portal.

10. To improve application performance and help us analyze user satisfaction, you agree to submit the following data to Firebase service automatically:

- Information about the software installed on the computer: the version, the name of the store where the application was obtained, the timestamp of the first launch of the software;

- Information about the in-app purchases: the identifier and name of the application, the currency and purchase amount;

- Information on the use of the software: the event type, the name of the blocked application, the sign that the application is added to the list of blocked applications, the PIN code length;

- Information about the Users’ computer where the software is installed: the computer manufacturer name, the type of the computer, the version and the language (locale) of the operating system, information about the application first run in the last week and earlier;

- Advertising ID;

- Information about the user: the age category and sex of the user, the identifier of the country of residence, the list of interests of the user.

11. To improve application performance, you agree to submit the following data to Crashlytics service automatically:

- Information about an event of abnormal termination of the software: the unique identifier of the event, date and time of the software installation and the event, text of the error message;

- Information about the software installed on the computer: the software bundle identifier and version number of the software, the flag indicating whether or not the software was running in the background;

- Information about the computer’s hardware: the computer’s model name, CPU architecture, size of the RAM and its currently used amount, size of the disk space and its currently used amount, the flag indicating whether the computer was rooted, identifier indicating the screen’s orientation, battery level and discharge rate;

- The name and version of the operating system;

- Android ID and Android Advertising ID.

Data is forwarded to Firebase and Crashlytics over a secure channel.

Access to information and its protection is governed by the relevant terms of use of Firebase and Crashlytics services.

Securing the Transmission and Storage of Data

Kaspersky Lab is committed to protecting the security of the information it processes. The information processed is stored on computer servers with limited and controlled access. Kaspersky Lab operates secure data networks protected by industry-standard firewall and password protection systems. Kaspersky Lab uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, and only authorized individuals have access to the data that we process. Kaspersky Lab takes steps to ensure that your information is treated securely and in accordance with this Statement. Unfortunately, no data transmission can be guaranteed secure. As a result, while we strive to protect your data, we cannot guarantee the security of any data you transmit to us or from our products or services, including without limitation Kaspersky Security Network, and you use all these services at your own risk.

We treat the data we process as confidential information; it is, accordingly, subject to our security procedures and corporate policies regarding protection and use of confidential information. All Kaspersky Lab employees are aware of our security policies. Your data is only accessible to those employees who need it in order to perform their jobs. Kaspersky Lab does not combine the data stored by Kaspersky Security Network with any data, contact lists, or subscription information that is processed by Kaspersky Lab for promotional or other purposes.

C. USE OF THE PROCESSED DATA

Kaspersky Lab processes the data in order to analyze and identify the source of potential security risks, and to improve the ability of Kaspersky Lab’s products to detect malicious behavior, fraudulent websites, crimeware, and other types of Internet security threats to provide the best possible level of protection to Kaspersky Lab customers in the future.

Disclosure of Information to Third Parties

Kaspersky Lab may disclose any of the information processed if asked to do so by a law enforcement official as required or permitted by law, in response to a subpoena or other legal process or if we believe in good faith that we are required to do so in order to comply with applicable law, regulation, subpoena, or other legal process or enforceable government request. Kaspersky Lab may also disclose information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating this Statement, the terms of your agreements with the Kaspersky Lab or to protect the safety of our users and the public or under confidentiality and licensing agreements with certain third parties which assist us in developing, operating and maintaining the Kaspersky Security Network. In order to promote awareness, detection and prevention of Internet security risks, Kaspersky Lab may share certain information with research organizations and other security software vendors. Kaspersky Lab may also make use of statistics derived from the information processed to track and publish reports on security risk trends.

D. DATA PROCESSING – RELATED INQUIRIES AND COMPLAINTS

Kaspersky Lab takes and addresses its users’ Data Processing concerns with utmost respect and attention. If you believe that there was an instance of non-compliance with this Statement with regard to your information or data, or you have other related inquiries or concerns, you may write or contact Kaspersky Lab by email: support@kaspersky.com.

In your message, please describe in as much detail as possible the nature of your inquiry. We will investigate your inquiry or complaint promptly.

CHOICES AVAILABLE TO YOU

Kaspersky Lab protects the information received in accordance with applicable governing law and Kaspersky Lab's rules. Data is transmitted over a secure channel.

We also reserve the right to send infrequent alert messages to users to inform them of specific changes that may impact their ability to use our services that they have previously signed up for. We also reserve the right to contact you if compelled to do so as part of a legal proceeding or if there has been a violation of any applicable licensing, warranty or purchase agreements.

Kaspersky Lab is retaining these rights because in limited cases we feel that we may need the right to contact you as a matter of law or regarding matters that may be important to you. These rights do not allow us to contact you to market new or existing services if you have asked us not to do so, and issuance of these types of communications is rare.

© 2018 AO Kaspersky Lab. All Rights Reserved.