Privacy Policy
Effective as of September 17, 2024 | See a previous version of Privacy Policy | Compare changes
The protection of personal data is of particular importance to ESET, spol. s r. o., having its registered office at Einsteinova 24, 851 01 Bratislava, Slovak Republic, Business Registration Number: 31333532 as a Data Controller ("ESET" or "We"). We want to comply with the transparency requirement as legally standardized under the EU General Data Protection Regulation ("GDPR"). To achieve this goal, We are publishing this Privacy Policy with the sole purpose of informing our customer ("End User" or "You") as a data subject about following personal data protection topics:
- Contact Information.
- Legal Basis of Personal Data Processing,
- Data Sharing and Confidentiality,
- Data Security,
- Your Rights as a Data Subject,
- Processing of Your Personal Data,
This Privacy Policy applies to our standardized subscription offering ("Offering"), your ESET HOME account ("Account") and to provision and use of the home.eset.com website, ESET HOME application as well as services and features provided by ESET via the Account (collectively "Services"). If there is a Service-specific Privacy Policy referred herein, its wording shall prevail in case of any discrepancies.
We may modify this Privacy Policy from time to time at our sole discretion. We will send You an email notification with a link to the Privacy Policy as amended or We will notify You of the amended version via in-app notification or by other electronic means. If You do not agree to or cannot comply with the Privacy Policy as amended, You shall cease to use the Account and Services and uninstall them if applicable. You will be deemed to have accepted the Privacy Policy as amended if You continue to use the Application or the Services after it becomes effective.
Our Services are intended for adults only. If You are less than eighteen (18) years old, You may only create and use the Account or the related Services if your parent or other legal guardian is involved.
Contact Information
If You would like to exercise your right as a data subject or You have a question or concern, send us a message at:
ESET, spol. s r.o.
Data Protection Officer
Einsteinova 24
85101 Bratislava
Slovak Republic
dpo@eset.sk
Processing of Your Personal Data
The Account and Services are provided by ESET under the Terms of Use ("Terms") and, if applicable, also under the End User License Agreement ("EULA") of ESET product associated with the relevant Service ("Product") and the ESET HOME application but some of them might require specific attention. We would like to provide You with more details on data collection and processing connected with your Account and provision of our Services. To make them all work, for the performance of the Terms and EULA under Art. 6 (1) (b) of GDPR, We need to collect or have access to following information:
- Your full name, country, valid email address and your login credentials are required for registration and use of the Account, for provision of Services and for establishment, exercise and defense of our legal claims. Moreover, we will obtain some basic technical information about a device and application You use to log into your Account.
- In order to help to protect your Account, each time You log into the Account, We will collect your browser fingerprint and IP address. In case of an unknown browser fingerprint as well as unknown IP address, We will send You an email to notify You about the potential suspicious attempt to log in to the Account.
- You may choose to use third-party authentication provided by Apple or Google to register and/or sign to your Account. In such case, We will process your email address (provided to us by such third party) and country of your location during the registration process and for other purposes specified above.
- ESET HOME requires information about managed devices and Product licenses to provide You with its managing functionalities. More specifically, We will process information related to your Product licenses, such as data related to the type of Product license You own (e.g. whether it is free, trial, paid etc.), license validity, activation status and license identification. In relation to those devices that were associated with your Account, We will process data about the device name and type, its operating system, security status, activated Products and data enabling device identification. In case of devices that use your Product licenses but were not associated with your Account (or were shared to another person and associated with their Account), only limited information will be processed, such as device name and type, model and date of Product activation.
- If You are a Product license owner and You choose to share it with your friend or a family member, You may do so by using our sharing functionality available from your Account, where You will be able to input their email address. We will only process such an email address to enable use of the relevant Product or the Service and to send a related invitation. Your friend might see your email address in such a message sent from us so that they know who initiated it. Your friend can contact us anytime to request We remove their data from our database. You will be able to cancel sharing of your License anytime.
- If You are not an owner of a Product license, but someone shared their Product license with You, the email address You provide during Account registration will be visible to the Product license owner. Rest assured that only You will be able to access full information about devices associated with your Account. The license owner will be able to view only limited information about your device as described above.
- Licensing and Billing Data. The name, email address, activation key and (if applicable) address, company affiliation and payment data are collected and processed by ESET in order to facilitate the activation of license, license key delivery, reminders on expiration, support requests, license genuineness verification, provision of our services and other notifications including marketing messages in line with applicable legislation or Your consent. ESET is legally obliged to keep the billing information for a period of 10 years. However, the licensing information will be anonymized no later than 12 months after the expiration of the license.
- Update and Other Statistics. The processed information includes information concerning the installation process and your computer, including the platform on which our product is installed and information about the operations and functionality of our products, such as operation system, hardware information, installation IDs, license IDs, IP address, MAC address, configuration settings of the product are processed for the purpose of provision update and upgrade services and for the purpose of maintenance, security and improvement of our backend infrastructure.
- ESET LiveGrid® Reputation System. This system enhances our malware protection by comparing hashes of files you scan against a cloud-based database of safe and unsafe files. For this, we use one-way hashes related to potential threats, ensuring we never identify you in the process.
- ESET LiveGrid® Feedback System. To stay ahead of new threats, we rely on this system. Gathering suspicious samples and metadata lets us quickly respond to emerging risks. Here is what we might collect with your help:
- Potential malware samples or other questionable files;
- Web usage details like IP addresses, website addresses, and network data;
- Information from crash reports and dumps.
While we aim only to gather necessary data, sometimes unintended information slips through, such as data within malware or embedded in filenames and URLs. Rest assured, we do not use this unintentional data within our main systems or for any stated purposes in this policy.
Any data we obtain through ESET LiveGrid® Feedback System is always processed without identifying you, keeping your identity safe and private. We will remove all email messages reported by You as spam or flagged by our service within one (1) month.
- ESET Parental Control contains functionalities that allow You to control access of managed users (such as your children) to a certain group of web pages and/or mobile applications, employ time management rules towards managed users and find the location of your device. To enable these features and depending on how exactly You set up rules for the managed users, ESET Parental Control will send information to ESET, including but not limited to information on visited websites, physical locations, mobile applications, information about the device, including information about the operation and functionality of the ESET Parental Control. The information may contain data about You or other managed users (You may specify managed users by name, age or even photo if You like to) or information about the controlled device, such as the operating system and applications installed. Data collected via ESET Parental Control will be processed only for providing You with the Service and they will be deleted sixty (60) to ninety (90) days after their collection.
- ESET Anti-Theft helps to prevent loss or misuse of critical data in direct connection with loss or theft of a computer or other device where it is installed. This function is switched off under the default settings of the relevant Product. If You chose to activate this function, data about the missing device would be collected and sent to ESET, which can include, depending on how exactly You set up the Service, data related to the device's network location, content displayed on its screen, device configuration and data recorded by a connected camera. Data collected via ESET Anti-Theft will be processed only for the purpose of providing You with the Service and they will be deleted one (1) year after their collection.
- ESET Password Manager allows You to store your passwords, credit card numbers or other data You choose in the locally installed application and synchronize and use them across your devices. Data You choose to save to the application are stored only locally on your devices and are protected and encrypted by your master password. To enable use of such data across your devices, they are also stored on our servers or on servers of our service providers, but only in the encrypted form so only You can access them. Neither ESET nor our service providers have access to your encrypted data or store your master password. Only You have the key to decrypt the data. You can activate this Service via your Account by inputting your email address or an email address of your friend to whom You would like to allow use of the Service under your Product license. To learn more information about processing of personal data via ESET Password Manager, please refer to a special Privacy Policy.
- Identity Protection allows You to store your personal information such as name, address, email address and have them verified against third-party databases and sources of stolen information, including but not limited to the leaked data databases. We will not use your data for any purpose other than to provide the monitoring and leaked information checking service, and we will not store your data for longer than necessary to provide the service.
- VPN does not apply retention to the logs.
- Contact information and data contained in your support requests may be required to provide You with support in case you request it. Based on the channel You choose to contact us, We may collect your email address, phone number, Product license information, Product details and description of your support case. You may be asked to provide us with additional information to facilitate support and to enable us to solve an issue You are facing.
- We use Google Barcode Scanning API to enable our application's QR code reader functionality. You can rest assured that captured image is only processed within your device. However, Google API may send to Google some technical information related to usage and performance of the API that is needed to maintain, debug and improve the API for usage analytics and diagnostic purposes. To learn more about this processing and the data collected, please refer to Google API Privacy information.
Moreover, We may process data obtained in the course of provision of our Services for some additional purposes:
- We may use your contact details or your Account to communicate with You in relation to Products or Services You use, such as to provide You with Service-related reports and notifications, to learn more about your needs and your satisfaction with our Services, but also for advertising of our products and services that are similar to ones You use, unless You opt-out from such marketing communication.
- We may process some aggregated statistical data relating to usage of our Services to improve them and their usability, analyze their performance and to fix any errors that may occur.
- Based on your opt-in consent, we may collect and process technical data related to the application crashes (such as device information, installation identifier, crash traces, crash minidump) to get insight into the crashes, learn about their causes and ensure the application is fully operational. We use Google to collect and analyze those data for us. To learn more about this processing and the data collected, please refer to the relevant Google Privacy Policy.
If You choose to activate the Customer Experience Improvement Program, the anonymous telemetry information relating to the use of Our products will be collected and used based on Your consent in compliance with Art. 6 (1) (a) GDPR.
We do not engage in any automated decision-making processes or profiling activities that have legal effects or significantly affect individuals.
Cookies
To make our website and Services work properly, We may store some cookies on your web browser, either when You visit our website, when You log into your Account or when You use a certain Service. By default, We only use cookies that are strictly necessary for the functioning of our website and the Services requested by You. We will ask for your consent to use any other cookies as those that are strictly necessary. To learn more about the processing of the cookies, please refer to our Cookie Policy.
Legal Basis of Personal Data Processing
There are a few legal bases for data processing which We use according to the applicable legislative framework related to protection of personal data. The processing of personal data at ESET is mainly necessary for the performance of the EULA and/or Terms of Use with End User (Art. 6 (1) (b) GDPR), which is applicable for the provision of ESET products or services, unless explicitly stated otherwise, e.g.:
- Legitimate interest legal basis (Art. 6 (1) (f) GDPR), that enables us to process data on how our customers use our Services and their satisfaction to provide our users with the best protection, support and experience We can offer. Even marketing is recognized by applicable legislation as a legitimate interest, therefore We usually rely on it for marketing communication with our customers.
- Consent (Art. 6 (1) (a) GDPR), which We may request from You in specific situations when we deem this legal basis as the most suitable one or if it is required by law.
- Compliance with a legal obligation (Art. 6 (1) (c) GDPR), e.g. stipulating requirements for electronic communication, retention for invoicing or billing documents.
Data Sharing and Confidentiality
We do not share your data with third parties. However, ESET is a company that operates globally through affiliated companies or partners as part of our sales, service and support network. Licensing, billing and technical support information processed by ESET may be transferred to and from affiliates or partners for the purpose of fulfilling the EULA, such as providing services or support.
ESET prefers to process its data in the European Union (EU). However, depending on your location (use of our products and/or services outside the EU) and/or the service you choose, it may be necessary to transfer your data to a country outside the EU. For example, we use third-party services in connection with cloud computing. In these cases, we carefully select our service providers and ensure an appropriate level of data protection through contractual as well as technical and organizational measures. In compliance with GDPR, We may transfer personal data to third countries only under specific conditions. We ensure that any such transfer is carried out in accordance with the GDPR's strict requirements, aiming to safeguard the rights and freedoms of individuals whose data is being transferred. Before transferring any data outside the European Union (EU) or the European Economic Area (EEA), we assess the adequacy of the recipient country's data protection laws and consider implementing appropriate safeguards, such as:
- We evaluate if the receiving country has an adequate level of data protection, based on the European Commission's assessments.
- We use approved SCCs to contractually bind both parties and ensure that the recipient processes personal data in compliance with GDPR requirements.
- We rely on recognized codes of conduct or certification mechanisms that demonstrate compliance with data protection requirements.
By taking these measures, We ensure that personal data transfers are secure, transparent, and in accordance with the GDPR's principles. For some countries outside the EU, such as the United Kingdom and Switzerland, the EU has already determined a comparable level of data protection. Due to the comparable level of data protection, the transfer of data to these countries does not require any special authorization or agreement.
We rely on third-party services and collaborate with the external processors to provide our services related to cloud computing, billing, etc.
Data Security
ESET implements appropriate technical and organizational measures to ensure a level of security which is appropriate to potential risks. We are doing our best to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. However, in case of data breach resulting in a risk to your rights and freedoms, We are ready to notify the relevant supervisory authority as well as affected End Users as data subjects.
Data Subject’s Rights
The rights of every End User matter and We would like to inform you that all End Users (from any EU or any non-EU country) have the following rights guaranteed at ESET. To exercise your data subject’s rights, you can contact us via support form or by e-mail at dpo@eset.sk. For identification purposes, we ask you for the following information: Name, e-mail address and - if available - license key or customer number and company affiliation. Please refrain from sending us any other personal data, such as the date of birth. We would like to point out that to be able to process your request, as well as for identification purposes, we will process your personal data.
Right to Withdraw the Consent. Right to withdraw the consent is applicable in case of processing based on consent only. If We process your personal data on the basis of your consent, you have the right to withdraw the consent at any time without giving reasons. The withdrawal of your consent is only effective for the future and does not affect the legality of the data processed before the withdrawal.
Right to Object. Right to object the processing is applicable in case of processing based on the legitimate interest of ESET or third party. If We process your personal data to protect a legitimate interest, You as the data subject have the right to object to the legitimate interest named by us and the processing of your personal data at any time. Your objection is only effective for the future and does not affect the lawfulness of the data processed before the objection. If we process your personal data for direct marketing purposes, it is not necessary to give reasons for your objection. This also applies to profiling, insofar as it is connected with such direct marketing. In all other cases, we ask you to briefly inform us about your complaints against the legitimate interest of ESET to process your personal data.
Please note that in some cases, despite your consent withdrawal or your objection processing, we are entitled to further process your personal data on the basis of another legal basis, for example, for the performance of a contract.
Right of Access. As a data subject, you have the right to obtain information about your data stored by ESET free of charge at any time.
Right to Rectification. If we inadvertently process incorrect personal data about you, you have the right to have this corrected.
Right to Erasure. As a data subject, you have the right to request the deletion or restriction of the processing of your personal data. If we process your personal data, for example, with your consent, you withdraw it and there is no other legal basis, for example, a contract, We delete your personal data immediately. Your personal data will also be deleted as soon as they are no longer required for the purposes stated for them at the end of our retention period.
Right to Restriction of Processing. If we use your personal data for the sole purpose of direct marketing and you have revoked your consent or objected to the underlying legitimate interest of ESET, We will restrict the processing of your personal data to the extent that we include your contact data in our internal black list in order to avoid unsolicited contact. Otherwise, your personal data will be deleted.
Please note that We may be required to store your data until the expiry of the retention obligations and periods issued by the legislator or supervisory authorities. Retention obligations and periods may also result from the Slovak legislation. Thereafter, the corresponding data will be routinely deleted.
Right to Data Portability. We are happy to provide You, as a data subject, with the personal data processed by ESET in the xls format.
Right to Lodge a Complaint. As a data subject, You have a right to lodge a complaint with a supervisory authority at any time. ESET is subject to the regulation of Slovak laws and We are bound by data protection legislation as part of the European Union. The relevant data supervisory authority is The Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 82007 Bratislava 27, Slovak Republic.