At Avira, we consider it our responsibility to protect your data and privacy as best we can. As a German company with headquarters by Lake Constance, we have always been subject to one of the strictest data protection laws in the world.
Millions of customers already entrust us with their data as we apply the highest safety standards when storing and processing it. Moreover, we only collect data if absolutely necessary and in the best interests of our customers, for example, to send them a product activation code per email.
In the following, you will discover how we implement the prescribed measures of the new General Data Protection Regulation (GDPR):
Data Protection Policy
- How can you contact us?
- What do we mean by certain terms?
- What personal data is processed by us?
- Why and on what legal basis do we store personal data?
- Why and who do we share personal data with?
- How do we collaborate with partners on your behalf?
- What do we use international partners for?
- What data protection settings are available?
- How can you revoke your consent?
- What are your rights?
- How do we protect personal data?
- What possibilities are there for minors to use our services?
- What other information is important?
For Avira the protection of your privacy always has the highest priority. We are a leading expert in the IT security field. We protect you against malware, viruses, and other digital threats. The protection of your personal data is very important to us.
How can you contact us?
Which Avira company is responsible for you? If you live outside the USA or Canada, the following Avira companies may be responsible, depending on the respective contract:
- Avira Holding GmbH & Co. KG, or
- Avira Sales GmbH & Co. KG, or
- Avira Operations GmbH & Co.KG
All companies can be reached at the following address
Kaplaneiweg 1, 88069 Tettnang, Germany.
can be contacted at:
If you live in the US or Canada, "Avira" stands for Avira, Inc., c/o WeWork 75 E, Santa Clara St. Suite 600, 6th Floor, San Jose, CA 95113, USA.
You can contact the Data Protection Officer for the entire Avira Group at:
Data Protection Officer
Tel: + 49 7542/500-0
What do we mean by certain terms?
By modifying the data, identification of a natural person is no longer possible.
Data stored about the user's activities.
Programs allowing analyses of user behavior.
In the cloud
Use of IT infrastructures and services that are not kept locally but are hired as a service and can be accessed via a network (e.g. the internet).
Cookies are small text files that are stored on your computer or in your browser.
General Data Protection Regulation, revision of data protection regulations for the European Union.
(Portable) objects, such as smartphones, tablets, notebooks, or PCs, used to access apps or programs and information services.
An address within the computer network based on the Internet Protocol (IP). This address is assigned to the device and thus allows the device to be addressed and so accessed.
Address of each individual network adapter.
Administration area within the Avira software for registered users.
This information relates to a specific or identifiable natural, living person.
Modification of data in such a way that it is no longer possible to allocate it to a certain data subject without additional supplementary information.
Programs developed to cause damage to a device.
Synonymous for "intelligent, clever" devices (e. g. smartphone, smart TV, smart watch).
Freely selectable network name.
Internet based software solution for managing your account or your settings.
What personal data is processed by us?
We process different data when you install or use our products or visit our websites. This data may be directly or indirectly of a personal nature, i.e. it may involve other data sources.
Much of this data is collected in a pseudonymized or anonymized format.
This includes the following information:
Information when you visit our websites:
To activate or use some of our products or services, you need to create an account ("my.avira.com"). During the process of setting up your Account, we will ask you for certain personal information such as your name, email, and IP addresses, possibly supplemented by your telephone number and address details.
For mobile products, further information is added, e.g. about the device used, your provider, and the operating system.
If you contact us for support inquiries, we will store your data in connection with this particular inquiry, such as contact details, information on your hardware and software, and log data. In some cases we may ask you to provide us with additional files generated by analysis tools to handle your support inquiry.
Here are a few examples:
With Avira Connect we provide a web console which you can use to manage your account and our software. Furthermore, we provide you with the option to register your smartphone, so you can locate it in the event of loss. To provide you with this service, we collect data on the location of your smartphone. Through Avira Connect we also manage our software that you use. For this, we store license information, the license expiration date, and the service packages you have booked.
Avira Phantom VPN
With Avira Phantom VPN we provide you with a global service for an even safer internet connection. Encrypted connections to our server locations distributed around the world let you surf anonymously and access your favorite content from anywhere. If you use Avira Phantom VPN we do not collect any data about the web pages you visit or the services you use on the internet. The information we require for our billing system only tells us when someone was online and what data volume was utilized.
We operate our own search engine. If you use this product we collect information on the browser type and operating system you use to perform the search, your IP address, and the type of search conducted. We store information about how you perform your search (for example, how many web searches were performed on a particular day or in a particular region). The search requests and personal data are hosted and stored on Avira servers. We work with third parties to provide you with better search results.
Avira URL Cloud
The URL Cloud feature helps identify internet addresses that are harmful to your system when you are browsing the web. URL Cloud analyzes the internet addresses you visit, to determine which internet addresses could contain malware, spam, or phishing, and warn you before opening those internet addresses. However, we remove any personally identifiable information prior to investigation. We store certain internet address data in an anonymized form and use it for debugging, statistical purposes, and to improve detection rates.
Avira Protection Cloud
For better protection against threats, our products contain features allowing us to analyze new or unknown malicious software or files from potentially hazardous sources in real time. When these features are enabled, our products use certain pre-determined rules to see whether an event on your system is caused by a virus or malware attack. If necessary, we will send a "digital fingerprint" of the unknown or suspicious data from your system to Avira for investigation in real time. In most cases, our analysis can immediately label the file as either safe or malware. Under certain circumstances the executable file may need to be sent to Avira for further analysis. In this event, files are exchanged between your computer/device and the Protection Cloud in an encrypted form. Personal files (e.g. in pdf, doc, or xls formats) or personal documents such as photos and videos are not transmitted.
Avira Home Guard
Home Guard enables you to detect "smart" components (such as video cameras, baby monitors, smart TVs, Wi-Fi routers, printers, media servers) within your home network and to analyze them for vulnerabilities. Furthermore, Home Guard stores the results to search automatically for new devices. To provide this function, we store information on your network and the devices connected to it, such as MAC and IP addresses as well as network settings.
Avira Safe Things
To improve your home's safety and adapt it to deal with current threats, SafeThings by Avira is a solution which can be installed directly on your router by the network operator. This solution protects your network devices automatically against IoT threats. To do so, we process information on your local network, your router, and its settings.
Avira Safe Shopping
If you use Avira Safe Shopping, it is part of our contractual obligation to present you with suitable products from other providers or other providers' conditions for the same product. Data processing is done exclusively in accordance with the performance of the contract.
Avira Software Updater
Avira Software Updater checks if your locally installed programs are up-to-date. If outdated programs are detected, Avira Software Updater notifies you about the potential safety risks or installs the respective updates automatically. Version status verification is only performed locally. No data on installed programs is sent to Avira.
Avira Password Manager
Avira Password Manager lets you store your passwords safely and synchronize them across multiple devices. Passwords are encrypted immediately after entry. Owing to the master password, Avira is unable to access your data. For data transmission from your devices to our servers, we use only encrypted data. (End-to-End-Encryption)
Avira Identity Scanner
Avira Identity Scanner provides continuous monitoring of personal data on the web. This software protects your identity by identifying potential cyber risks which may be used for identity theft or online fraud. Furthermore, Identity Scanner will notify you about every security breach of your data. Additionally, you have the option to transfer the data to be checked to us.
For certain features, we access the location data of your device.
Why and on what legal basis do we store personal data?
We process your data, whether it can be traced back directly or indirectly to a natural person or not, for the following purposes:
- To fulfill our contractual obligations to you.
- For correct operation of our products and services.
- For convenient and straightforward use of our products and services.
- To improve and optimize the features, security, and stability of our products and services.
- For administrative purposes.
- To offer you optimized advertising and product information.
Contract initiation and performance:
In general, we only store personal data needed to fulfill our contractual obligations to you (Article 6(I)b. GDPR). Please keep in mind that it is our duty by means of our software to protect your IT systems and data against malware and attacks. Therefore we require a range of different information. Depending on the product used, our contractual obligations include the monitoring of various internal and external data streams, programs, and files as and where necessary. If personal data supplied by third parties is processed, the processing is carried out on the contractual basis and additionally according to Article 6(1)f. GDPR. The "legitimate interest" is the protection of your systems and thus in protecting you against online and offline threats. Your need for protection outweighs the third-party's need for protection whose information may have been made accessible to you and subsequently to us.
Your consent is required for the processing of certain data. In these events we will inform you expressly about the situation and provide you with the opportunity to allow us to process this data.
In these cases we will inform you about the purpose of the data processing and about your right of withdrawal.
It is also possible to process data on the basis of our legitimate interest. Thereby, we are obliged to disclose our interest and take both your and our interests into consideration. This is the case for the following processes:
This is the case for the following processes:
- For our security products range we scan and verify files and data streams continuously. In these cases we may process personal data of third parties. This processing is carried out on the basis of legitimate interest according to Article 6(1)f. GDPR. Our legitimate interest outweighs the protection of the third party as we protect your systems against possible malicious software (see also recital 49 of the General Data Protection Regulation).
- If you use Avira Identity Scanner, we verify the personal data you enter through a high-security process in cooperation with our partner Affinion (Affinion International Ltd., UK). Should Affinion detect that data misuse is likely, we will submit this information to you on behalf of our partner. The processing of personal data behind this procedure is based on Affinion's legitimate interest to protect information security.
Storage and deletion periods:
We store personal data only to the extent required to fulfill the purpose. The storage period depends on legal requirements and the duration of the contractual relationship.
Should the data no longer be used, it will be anonymized and/or deleted in accordance with legal regulations.
Should you wish to have your data deleted, please note that we are able to block your data immediately but for legal reasons or due to technical restrictions it may take up to 180 days to permanently delete your data from the live systems.
Furthermore, please note that after confirming your deletion request it will no longer be possible to restore your data.
In addition to our own systems, we also use the following third-party tools for marketing purposes and to make your visit to our websites or the use of our products/services more user-friendly.
Google Analytics 360
You still have the option to prevent Google from collecting data generated by cookies and relating to your use of the website (including your IP address) as well as from processing this data by downloading and installing a browser plug-in provided by Google.
More information about Google Analytics can be found here.
Adobe Analytics (Omniture)
More information about the Adobe Systems Privacy Policies is available click here.
You may opt-out of the collection and storage of your information by Crazy Egg at any time by following the instructions under the following link:
More information about the software used and the Crazy Egg Privacy Policies can be found here.
Social media registrations:
For some web-based services or functions of our products and services (for example, the login via https://my.avira.com) we offer a log in via Facebook Connect or Google+ Sign-In. Facebook Connect is a service of Facebook, Inc. ("Facebook") and Google+ Sign-In is a service of Google, Inc. ("Google"). If you use Facebook Connect or Google+ Sign-In, the data transmitted to Avira by Facebook or Google will be processed and stored by us exclusively for the purpose of registration. The use of Facebook Connect or Google+ Sign-In is subject to the respective Facebook and/or Google Privacy Policies and Terms of Service. When using Facebook Connect, your Facebook profile and your public profile data are transferred from Facebook to Avira. When using Google+ Sign-In, your Google+ login information (which may contain personally identifiable information such as your name, email address, phone number, and other information you have entered as part of your Google+ profile) will be transferred from Google to Avira. For more information about Facebook Connect, click here or read the Facebook Connect login pop-up. To obtain more information about Google+ Sign-In and how to manage your Google+ access rights, please click here.
If you object to the transfer of such data, please use your Avira account as a login instead of Facebook Connect and/or Google+ Sign-In.
Why and with whom do we share personal data?
Your personal data will not be transmitted to third parties for reasons other than those listed below.
We will only disclose your personal data to third parties, if:
- You have expressly given us your consent for this.
- It is legally permissible and necessary for the execution of our contractual relationships with you.
- Data transmission is based on a legal obligation.
- Data disclosure is justified by a particular interest and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data at this time.
We share personal data with the following recipients or categories of recipients for the aforementioned reasons:
- Employees (internal and external)
- IT infrastructure service providers
- Payment processors
- Support service providers
- Software service providers
- Providers of analysis tools
- Public authorities
Here are a few examples:
- MMixpanel (Mixpanel, Inc.) – we use this tool to analyze and improve the functionality of our software and to optimize your user experience. To do so, only anonymized data is transferred.
- Akamai (Akamai Technologies GmbH) – is used to distribute and update our software. To provide you with a reliable service, information such as on transfer paths is saved.
- Ivanti (Ivanti, Inc.) – Ivanti tools are used to distribute and update our software. To provide you with a reliable service, we collect information such as on transfer paths.
- SurveyMonkey (SurveyMonkey Europe UC) – we use this platform to conduct surveys such as on your product satisfaction. For safety, personal data is processed in a pseudonymized form.
How do we collaborate with partners on your behalf?
We collaborate with partners for selected products and services as joint controllers within the meaning of Article 26 GDPR. We jointly define the purpose and means of processing with these companies. For this, personal data may also be forwarded. In accordance with the GDPR, both companies are then responsible for this processing and/or the legally compliant handling of your data.
What do we use international partners for?
We use a global IT infrastructure including computers, cloud-based servers, networks, and software solutions of international companies to provide our services.
These partners are based in different countries, partly also outside the European Union. In these countries, the same level of data protection is not always governed by and established in law as in the European Union. For this reason, we have taken a number of measures in accordance with the GDPR to ensure the highest possible protection of your personal data. These are:
- Collaborations with organizations in countries recognized by the EU Adequacy Decision
- Collaborations with organizations according to the EU-US Privacy Shield
- Collaborations with organizations based on the EU Standard Contractual Clauses
- Collaborations with organizations based on agreed guarantees
Compliance with statutory obligations and requirements is guaranteed by our partners.
Further, in certain specific cases your personal data may be forwarded to third countries based on your express consent.
What data protection settings are available?
Our products offer you a number of options and settings. These are usually explained to you when you first use or register for them. It is quite possible that by changing the settings, certain services may no longer function properly.
How can you revoke your consent?
If you have given us your consent to process certain data, e.g. to receive a newsletter or third-party offers, you have the right to revoke this consent – also in part – at any time. You can usually do so at my.avira.com or by contacting us directly.
If data processing is based on a weighing of interests pursuant to Article 6(1)f. GDPR, you have the right to object to the processing insofar as there are reasons for this arising from your particular situation or if it constitutes direct advertising.
In the case of direct advertising, you have a general right to object without having to provide information on the particular situation. Please inform us of your objection in writing (e.g. email) or by telephone.
What are your rights?
You have the following rights in connection with your personal data, subject to possible legal restrictions:
The right to be informed, the right to rectification, erasure, restriction of processing, portability, and objection.
At this point we expressly point out that we reserve the right to perform an identity check of the individual submitting the inquiry, in accordance with legal requirements, and to also take further measures to clearly verify the inquirer's identity.
Anonymous users of our products and services:
If you use our products and services anonymously, i.e. without having registered by providing your email address, we will not be able to perform the necessary and legally required identity check within the scope of your legal request. In accordance with Article 11(2) GDPR we therefore reject the exercise of any claims of the data subject according to Articles 12 to 22 GDPR, unless the data subject provides information allowing their identification in order to exercise their rights laid down in the aforementioned articles.
Right to information:
If you would like to know which of your personally identifiable information we store, you can access this information via my.avira.com. This provides an overview of the records we store, such as your name, email address, and mailing address. For safety reasons and due to regulations we may pseudonymize certain data, such as credit card details.
You will be emailed the requested activity data. The provision of this information may take some time, depending on the scope of the activity data.
Right to rectification:
You will find an overview of the records we store, such as your name, email address, and mailing address, in the administrator section of our software. If you find that this information is incorrect, you can change it yourself. For all other rectifications, please contact us in writing (e.g. email).
Right to erasure:
Should you wish to delete your data, you have the option to do so in the administration section of our software. We will then erase your data in accordance with legal requirements.
However, we would like to point out that we are legally obliged to store certain data for longer periods of time (e.g., the retention period for accounting documents is currently 10 years (German Fiscal Code)).
Additionally, we would like to point out that we are able to block your data immediately but due to technical restrictions it may take up to 180 days to permanently delete your data, provided there are no legal obligations and statutory rights preventing deletion.
Furthermore, please note that after confirming your deletion request it will no longer be possible to restore your data.
You may continue using parts of our software as an anonymous user.
Right to restriction of processing:
You have the right to restrict the processing of your personally identifiable information. To this end, please inform us of the categories of data affected by your request and the reasons for your request. We will examine the information immediately and notify you of the result.
Right to data portability:
Please let us know in text form (e.g. email) which data you would like to transfer to whom. We will examine your request immediately and inform you of the result.
Right to lodge a complaint:
If you are dissatisfied with our data-protection efforts, you have the right to lodge a complaint with the data protection regulatory authority responsible for your country. For example, the office responsible for Avira in Europe is :
Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (The State Data Protection and Freedom of Information Officer in Baden-Wuerttemberg) Germany
PO Box 10 29 32, 70025 Stuttgart
Königstrasse 10a, 70173 Stuttgart
How do we protect personal data?
We have implemented safeguards to protect your personal data that are both state-of-the-art within the software industry and meet the requirements of data protection legislation. These are continuously checked and, if necessary, adapted. The objective is to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized knowledge or access by third-parties.
To transfer data between our websites, our applications and backends, communication is encrypted using the SSL (Secure Socket Layer) procedure.
We protect our systems and processing with a series of technical and organizational measures. These include data encryption, pseudonymization and anonymization, logical and physical access restriction and control, firewalls and recovery systems, and integrity testing.
Our employees are regularly trained in the sensitive handling of personal data and are obliged to observe data secrecy in accordance with legal requirements.
What possibilities are there for minors to use our services?
Our products and services may not be ordered or installed by minors.
What other information is important?
Remember that the data you send to forums such as https://www.avira.com/en/support will be classified and treated as information that is "manifestly made public". If you are active in our forums, there is a risk that others may find and use the information you provide. Be careful and handle your personal information in a responsible manner when online in a public forum.
Changes to this Data Protection Policy:
Effective: 18 February, 2019