Privacy Policy - Principles of the processing of personal data 

Legal basis for the processing of your personal data

Content

General information

We process a variety of data. This data may be directly or indirectly of a personal nature, i.e. it may involve other data sources.

We collect much of this data in pseudonymized or anonymized form. Pseudonymized means that it is no longer possible to allocate the personal data to a specific data subject without additional information. Anonymized means that the data subject can no longer be identified. Within the scope of this processing, we also use service providers as contract processors in accordance with the regulations described above.

Purpose limitation

Irrespective of whether your data can be traced back directly or indirectly to a natural person, we process your data only for the specified, clear and legitimate purposes. Further detailed information can be found in the corresponding subject areas.

Your consent is required for the processing of certain data. In these cases, we will inform you expressly about the situation and provide you with the opportunity to allow us to process this data.

You always have the option to revoke this consent for future processing. Further information can be found under Revocation of consent.

Contract initiation and performance

We primarily store personal data needed to fulfill our contractual obligations to you (Article 6(1)(b) GDPR). Please keep in mind that it is our duty by means of our software to protect your IT systems and data against malware and attacks. Therefore we require a range of different information. Depending on the product used, our contractual obligations include the monitoring of various internal and external data streams, programs, and files as and where necessary. If personal data supplied by third parties is processed, the processing is carried out on the contractual basis and additionally according to Article 6(1)f. GDPR. The "legitimate interest" is the protection of your systems and thus in protecting you against online and offline threats. Your need for protection outweighs the third-party's need for protection whose information may have been made accessible to you and subsequently to us.

Legitimate interest

It is also possible to process data on the basis of our legitimate interest (Article 6(1)(f)). Thereby, we are obliged to disclose our interest and take both your and our interests into consideration.

You have the right to object to the processing insofar as there are reasons for this arising from your particular situation or if it constitutes direct advertising.

In the case of direct advertising, you have a general right to object at any time without having to provide information on the particular situation. Please inform us of your objection in writing  (e.g. eail).

Storage and deletion periods

We store personal data only to the extent required to fulfill the purpose. The storage period depends on legal requirements and the duration of the contractual relationship.

If we no longer need your personal data to fulfil the respective purpose, we will make it anonymous and/or delete it within the scope of the legal regulations.

Legitimate forwarding of personal data

Your personal data will not be transmitted to third parties for reasons other than those listed below.

We will only disclose your personal data to third parties if:

  • You have expressly given us your consent for this.
  • It is legally permissible and necessary for the execution of our contractual relationships with you.
  • Data transmission is based on a legal obligation.
  • Data disclosure is justified by a legitimate interest and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data at this time.

We share personal data with the following categories of recipients for the aforementioned reasons:

  • Employees (internal and external)
  • IT infrastructure service providers
  • Payment processors
  • Service providers for support processing
  • Software service providers
  • Marketing and sales service providers
  • Suppliers of analysis tools
  • Public authorities

Here are a few examples:

  • Mixpanel (Mixpanel, Inc.) – we use this tool to analyze and improve the functionality of our software and to optimize your user experience. To do so, only anonymized data is transferred.
  • Akamai (Akamai Technologies GmbH) – is used to distribute and update our software. To provide you with a reliable service, information on matters such as transfer paths is saved.
  • Ivanti (Ivanti, Inc.) – Ivanti tools are used to distribute and update our software. To provide you with a reliable service, we collect information on matters such as transfer paths.
  • SurveyMonkey (Survey Monkey Europe UC) – we use this platform to conduct surveys on issues such as your product satisfaction. For safety, personal data is processed in a pseudonymized form.

Joint controllers

We collaborate with partners for selected products and services as joint controllers within the meaning of Article 26 GDPR. We jointly define the purpose and means of processing with these companies. For this, personal data may also be forwarded. In accordance with the GDPR, both companies are then responsible for this processing and/or the legally compliant handling of your data.

International data transfer

We use a global IT infrastructure including computers, cloud-based servers, networks, and software solutions provided by international companies to provide our services.

These partners are based in different countries, including some outside the European Union. In these countries, the same level of data protection is not always governed by and established in law as in the European Union. For this reason, we have taken a number of measures in accordance with the GDPR to ensure the highest possible protection of your personal data. These are:

  • Collaborations with organizations in countries recognized by the EU adequacy decision
  • Collaborations with organizations in the USA according to the EU-US Privacy Shield
  • Collaborations with organizations based on the EU Standard Contractual Clauses
  • Collaborations with organizations based on agreed guarantees

Compliance with statutory obligations and requirements is guaranteed by our partners.

Further, in certain specific cases, your personal data may be disclosed to third countries based on your express consent.

Technical and organizational data protection

We have implemented safeguards to protect your personal data that are both state-of-the-art within the software industry and meet the requirements of data protection legislation. These measures are continuously checked and, if necessary, adapted. The objective is to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized obtaining, or access by third parties.

We protect our systems and processing with a series of technical and organizational measures. These include data encryption, pseudonymization and anonymization, logical and physical access restriction and control, firewalls and recovery systems, and integrity testing.

Our employees are regularly trained in the sensitive handling of personal data and are obliged to maintain confidentiality in accordance with legal requirements.

Processing of minors' data

Our products and services may not be ordered or installed by minors.

Public information:

Remember that the data you send to forums such as www.support.avira.com will be classified and treated as information that is "manifestly made public". If you are active in our forums, there is a risk that others may find and use the information you provide. Be careful and handle your personal information in a responsible manner when online in a public forum.

Changes to this Privacy Policy

This Privacy Policy is revised on an ad-hoc basis to adapt it to current developments in relation to our company, our products and services, legal requirements, and social developments.

Date: 11.12.2019