Table of content
We process a variety of data. This data may be directly or indirectly of a personal nature, i.e. it may involve other data sources.
We collect much of this data in a pseudonymized or an anonymized form. Pseudonymized means that it is no longer possible to attribute the personal data to a specific data subject without additional information. Anonymized means that the data subject can no longer be identified from the anonymized data. Within the scope of this processing, we also use service providers as contract processors in accordance with the regulations described above.
Irrespective of whether your data can be traced back directly or indirectly to a natural person, we process your data only for the specified, clear, and legitimate purposes. Further detailed information can be found in the corresponding subject areas.
Your consent is required for the processing of certain data. In these cases, we will inform you expressly about the situation and provide you with the opportunity to allow us to process this data.
You always have the option to withdraw this consent to processing with effect for the future. Further information can be found under Withdrawal of consent.
Contract initiation and performance
We primarily store personal data needed to fulfill our contractual obligations to you (Article 6(1)(b) GDPR). Please keep in mind that it is our duty by means of our software to protect your IT systems and data against malware and attacks. Therefore, we require a range of different information. Depending on the product used, our contractual obligations include the monitoring of various internal and external data streams, programs, and files as and where necessary. If personal data supplied by third parties is processed, the processing is carried out on the contractual basis and additionally according to Article 6(1)(f) GDPR. The "legitimate interest" is the protection of your systems and thus in protecting you against online and offline threats. Your need for protection outweighs the third-party's need for protection whose information may have been made accessible to you and subsequently to us.
It is also possible to process data on the basis of our legitimate interest (Article 6(1)(f) GDPR). Thereby, we are required to disclose our interest and take both your and our interests into consideration.
You have the right to object to the processing insofar as there are reasons for this arising from your particular situation or if it constitutes direct advertising.
In the case of direct advertising, you have a general right to object at any time without having to provide information on the particular situation. Please inform us of your objection in writing (e.g. email).
Storage and deletion periods
We store personal data only to the extent required to fulfill the purpose. The storage period depends on legal requirements and the duration of the contractual relationship.
If we no longer need your personal data to fulfill the respective purpose, we will make it anonymous and/or delete it within the scope of the legal regulations.
Legitimate forwarding of personal data
Your personal data will not be transmitted to third parties for reasons other than those described in this document.
We will only disclose your personal data to third parties if:
- you have expressly given us your consent for this.
- it is legally permissible and necessary for the execution of our contractual relationships with you.
- data transmission is based on a legal obligation.
- data disclosure is justified by a legitimate interest and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data at this time.
We share personal data with the following categories of recipients for the aforementioned reasons:
- Employees (internal and external)
- Group companies
- IT infrastructure service providers
- Payment processors
- Service providers for support processing
- Software service providers
- Marketing and sales service providers
- Suppliers of analysis tools
- Public authorities.
Here are a few examples:
- Mixpanel (Mixpanel Inc.) – we use this tool to analyze and improve the functionality of our software and to optimize your user experience. To do so, only anonymized data is transferred.
- Akamai (Akamai Technologies GmbH) – is used to distribute and update our software. To provide you with a reliable service, information on matters such as transfer paths is saved.
- Ivanti (Ivanti Inc.) — Ivanti tools are used to distribute and update our software. To provide you with a reliable service, we collect information on matters such as transfer paths.
- SurveyMonkey (Survey Monkey Europe UC) – we use this platform to conduct surveys on issues such as your product satisfaction. For safety, personal data is processed in a pseudonymized form.
We collaborate with partners for selected products and services as joint controllers within the meaning of Article 26 GDPR. We jointly define the purpose and means of processing with these companies. For this, personal data may also be forwarded. In accordance with the GDPR, both companies are then responsible for this processing and/or the legally compliant handling of your data.
Cross-Border Transfers of Personal Data Among Avira and NortonLifeLock Entities and to Third-Party Vendors
We are a global company and process personal data in many countries. As part of our business, your personal data may be transferred to Avira and NortonLifeLock and/or its subsidiaries and affiliates in the United States, Germany, and to subsidiaries and third-party vendors of Avira /NortonLifeLock located worldwide. All transfers will occur in compliance with the applicable data transfer requirements laws and regulations. Transfers of your personal data within Avira/NortonLifeLock and/or its subsidiaries and affiliates are done pursuant to NortonLifeLock’s Binding Corporate Rules.
If your personal data originates from the European Economic Area and is transferred to Avira/NortonLifeLock subsidiaries, affiliates, or third-party vendors engaged by Avira/NortonLifeLock to process such personal data on our behalf who are located in countries that are not recognized by the European Commission as offering an adequate level of personal data protection, such transfers are covered by alternate appropriate safeguards, specifically Standard Contractual Clauses adopted by the European Commission.
If we are involved in a reorganization, merger, acquisition, or sale of our assets, your personal data may be transferred as part of that transaction.
Technical and organizational data protection
We have implemented safeguards to protect your personal data that are both state-of-the-art within the software industry and meet the requirements of data protection legislation. These measures are continuously checked and, if necessary, adapted. The objective is to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized obtaining, or access by third parties.
We protect our systems and processing with a series of technical and organizational measures. These include data encryption, pseudonymization and anonymization, logical and physical access restriction and control, firewalls and recovery systems, and integrity testing.
Our employees are regularly trained in the sensitive handling of personal data and are required to maintain confidentiality in accordance with legal requirements.
Processing of minors' data
Our products and services may not be ordered or installed by minors.
Remember that the data you send to forums such as www.support.avira.com will be classified and treated as information that is "manifestly made public". If you are active in our forums, there is a risk that others may find and use the information you provide. Be careful and handle your personal information in a responsible manner when online in a public forum.