Skip to main content

NOTICE TO CALIFORNIA, VIRGINIA, COLORADO, CONNECTICUT, UTAH, Texas, Florida, Oregon and Montana RESIDENTS

We are required by the California Consumer Privacy Act of 2018 (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), Texas Data Privacy and Security Act (“TDPSA”), Florida Digital Bill of Rights (“FDBR”), Oregon Consumer Privacy Act (“OCPA”), Montana Consumer Data Privacy Act (“MCDPA”) and other applicable legislation to provide to residents of the correspondent states an explanation of how we collect, use and share their personal information, and of the rights and choices we offer California residents regarding our handling of their personal information (the “Notice”).

Kaspersky provides products and services to business users and individual home users.

This Notice applies only to individual home users and website visitors who reside in California, whose interactions with us are limited to:

  • Visiting our US-based consumer websites, including MyKaspersky portal,
  • Requesting and receiving technical support for our consumer products or services,
  • Signing up for email alerts or other marketing communications,
  • Participating in one of our consumer-facing offers, programs or promotions, or
  • Interacting with us on social media.

For additional information about our collection and use of personal information of website visitors, and the rights and choices that may be available to website visitors, please visit our Kaspersky Lab Privacy Policy for Websites.

Privacy Practices

We do not sell personal information. As we explain in our privacy policies, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. If you would like to learn how you may opt out of our (and our third party advertising partners’) use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide.

Below is a description of our privacy practices with respect to the personal information of USA residents who visit our websites, and otherwise interact with us as described in this Notice.

User activity

Personal information collection

Sources of personal information

Purposes for which we may collect and use tde personal information

Sharing

Signing up for email alerts

Interacting with us on social media

Name or alias

Email address

You

Operations

Research and development

Marketing

Shared with service providers

Establishing an account with us

Username

Password

You

Operations

Research and development

Shared with service providers

Visiting our websites

Receiving and responding to marketing emails

Device data

Online activity data

Information derived from device data and online activity data

Automatic collection

Operations

Marketing

Advertising

Research and development

Collected directly by or shared with our service providers

Collected directly by advertising partners

Please note that we may also disclose all personal information (a) with Kaspersky Lab group companies; (b) to comply with federal, state, or local laws; (c) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (d) to cooperate with law enforcement agencies concerning conduct or activity that we believe may violate federal, state, or local law, (e) when we sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction), or (f) to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Privacy Rights

The CCPA grants individuals the following rights:

Information

You can request information about how we have collected, used and shared your Personal Information during the past 12 months.

Access

You can request a copy of the personal information that we maintain about you.

Deletion

You can ask us to delete the personal information that we collected or maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. We will also respond to requests for information and access only to the extent we are able to associate with a reasonable effort the information we maintain with the identifying details you provide in your request. If we deny your request, we will communicate our decision to you.

The VCDPA, CPA and CTDPA grant individuals the following rights:

Access

You have the right to request that we disclose certain information to you about our collection and use of your personal information. We will provide a copy of personal information we have obtained about you.

Data Portability

You have the right to request a copy of your personal data in in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means.

Deletion

You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.

Correction Request

You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing. Once we receive and confirm your verifiable consumer request, we will correct your personal information from our records, unless an exception applies. If we deny your correction request, we will inform you and explain the basis for our denial.

Appeals

If we deny your request, you have the right to appeal our decision. We will respond to appeals from Virginia and Connecticut residents within 60 days. We will respond to appeals from Colorado residents within 45 days.

The UCPA grants individuals the following rights:

Access

You have the right to request that we disclose certain information to you about our collection and use of your personal information.

Data Portability

You have the right to request a copy of your personal data in a format that: to the extent technically feasible, is portable; to the extent practicable, is readily usable; and allow you to transmit the data to another controller without impediment, where the processing is carried out by automated means.

Deletion

You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.

The FDBR and TDPSA grants individuals the following rights:

Access

You have the right to confirm whether a controller is processing your personal data and accessing your personal data

Data Portability

You have the right to request a copy of your personal data in a portable and, to the extent technically feasible, readily usable format if the data is available in a digital format.

Deletion

You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.

Accuracy (Correction Request)

You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing. Once we receive and confirm your verifiable consumer request, we will correct your personal information from our records, unless an exception applies. If we deny your correction request, we will inform you and explain the basis for our denial.

The OCPA grants individuals the following rights:

Information

If you need information, you can make requests for confirmation on whether a Kaspersky is processing or has processed personal data; a list of specific third parties to which personal data has been disclosed; a copy of all personal data processed by the controller.

Accuracy (Correction Request)

You have the right to request a controller to correct inaccuracies in personal data about the consumer, taking into account the nature of the personal data and the controller’s purpose for processing the personal data. Once we receive and confirm your verifiable consumer request, we will correct your personal information from our records, unless an exception applies. If we deny your correction request, we will inform you and explain the basis for our denial.

Appeals

If we deny your request, you have the right to appeal our decision. We will respond to appeals from Oregon residents within 45 days.

Delete

You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we deny your deletion request, we will inform you and explain the basis for our denial.

The MCDPA grants individuals the following rights:

Access

You have the right to confirm whether a controller is processing your personal data and accessing your personal data unless such confirmation or access would require the controller to reveal a trade secret

Data Portability

You have the right to request a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.

Deletion

You have the right to request that we delete personal information that we collected and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

Accuracy (Correction Request)

You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing.

Request Processing

You are entitled to exercise rights described below free from discrimination regardless of applicable law.

CCPA

According to the CCPA, we shall not require you to verify your identity to make a request to opt out of sale/sharing; however, we may ask you for information necessary to complete the request, which would not be burdensome on you as a consumer.

VCDPA

If we are unable to authenticate your request using commercially reasonable efforts, we will not be required to comply with a request to initiate an action following your request to exercise your rights. We may request that you provide additional information reasonably necessary to authenticate you and your request.

CPA

We are not required to comply with a request to exercise any rights if we are unable to authenticate the request using commercially reasonable efforts. In such cases, we may request the provision of additional information reasonably necessary to authenticate the request.

CTDPA

We are not required to comply with a request to exercise any rights if we are unable to authenticate the request using commercially reasonable efforts. In this context, we will provide notice to you that we are unable to authenticate the request until you provide additional information reasonably necessary to authenticate yourself and your request.

UCPA

If we are unable to authenticate your request using commercially reasonable efforts, we will not be required to comply with the request. We may request that you provide additional information reasonably necessary to authenticate your request.

TDPSA

We are not required to comply with your request, and we may request that you provide additional information reasonably necessary to authenticate yourself.

FDBR

If we are unable to authenticate your request, we will not be required to comply with it. However, we will make a reasonable effort to request that you provide additional information reasonably necessary to authenticate yourself and your request.

OCPA

We will notify you if we cannot authenticate your request without additional information from you using commercially reasonable methods.

MCDPA

If we are unable to authenticate your request, we will not be required to comply with it. However, we will make a reasonable effort provide you a notice that we are unable to authenticate the request until you provides additional information reasonably necessary to authenticate you.

How to Submit a Request

To request access to or deletion of personal information please contact us at https://support.kaspersky.com/general/privacy or directly by email: dpo@kaspersky.com.

Identity verification. The CCPA, VCDPA, CPA, CDTPA, UCPA, TDPSA, FDBR, OCPA and MCDPA require us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We will ask you to verify your identity when you submit a request.

Authorized agents. You can empower an “authorized agent” to submit requests on their behalf if this right is granted by your applicable law. We will require the authorized agent to have a written authorization confirming that authority.

Online Tracking Opt-Out Guide

Like many companies online, we use services provided by Google, Facebook and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:

Blocking cookies in your browser.  Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit https://allaboutcookies.org.

Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.

Platform opt-outs. The following advertising partners offer opt-out features that let you opt-out of use of your information for interest-based advertising:

Google: https://adssettings.google.com

Microsoft: https://about.ads.microsoft.com/en-us/resources/policies/personalized-ads

Facebook: https://www.facebook.com/about/ads

X: https://twitter.com/personalization

Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

Digital Advertising Alliance: https://optout.aboutads.info

Network Advertising Initiative: https://optout.networkadvertising.org/?c=1

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Opt-out Rights.According to the applicable law you have the following rights to opt-out of the processing of your personal data for purposes of:

CCPA:

  • sale of personal information
  • sharing of personal information

VCDPA, CPA, CTDPA and OCPA:

  • targeted advertising;
  • the sale of personal data; or
  • profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

UCPA:

  • targeted advertising
  • sale of personal data

FDBR:

  • targeted advertising
  • sale of personal data
  • profiling with significant effects
  • collection of sensitive data
  • collection sensitive and precise geolocation data
  • collection data collected through voice or facial recognition features

TDPSA:

  • targeted advertising
  • sale of personal data

MCDPA:

  • targeted advertising
  • sale of personal data
  • profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer

GLOSSARY

Biometric Information

An individual’s physiological, biological or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Education Information

Personal information from an educational record, which could include: a student’s name, the names of the student’s parent or other family members, the address of a student or student’s family, a student’s personal identifier (e.g., SSN, student number), other indirect identifiers of the student (e.g., date of birth, place of birth, mother’s maiden name), other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty, or information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.

Financial Information

Bank account number, debit or credit card numbers, insurance policy number, and other financial information.

Geolocation Data

Precise location, e.g., derived from GPS coordinates or telemetry data

Identifiers

Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

Inferences

The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

Internet or Network Information

Browsing history, search history, and information regarding a person’s interaction with an Internet website, application, or advertisement.

Medical Information

Personal information about an individual’s health or healthcare, including health insurance information. Does not include (a) medical information governed by California’s Confidentiality of Medical Information Act, (b) protected health information that is collected by a covered entity or business associate governed by the Health Insurance Portability and Accountability Act of 1996 or (c) information collected as part of certain clinical trials.

Online Identifiers

An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.

Physical Description

An individual’s physical characteristics or description (e.g., hair color, eye color, height, weight).

Professional or Employment Information

This term is not defined in the privacy legislation, but likely includes any information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations).

Protected Classification Characteristics

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Sensory Information

Audio, electronic, visual, thermal, olfactory, or similar information.