Kaspersky Security Network Statement

A. INTRODUCTION

Please read this document thoroughly. It provides important information that you should be acquainted with before continuing to use our services or software. We reserve the right to modify this Statement at any time by making changes to this page.

AO Kaspersky Lab (further Kaspersky) has created this Statement in order to inform and disclose its data gathering and dissemination practices for the Software.

Kaspersky has a strong commitment to providing superior service to all of our customers and particularly respecting your concerns about Data Processing.

This Statement contains numerous general and technical details describing the steps we take to respect your Data Processing concerns. Meeting your needs and expectations forms the foundation of everything we do – including protecting your Data.

The Kaspersky Security Network service allows users of Kaspersky security products from around the world to help facilitate identification and reduce the time it takes to provide protection against new ("in the wild") security risks targeting your computer, which helps to identify new threats and their sources and to help improve a user's security level. Such information is utilized by Kaspersky for no other purposes but to enhance its security products and to further advance solutions against malicious threats and viruses. 

By participating in Kaspersky Security Network, you and the other users of Kaspersky security products from around the world contribute significantly to a safer Internet environment.

Legal Issues (if applicable)

Kaspersky Security Network may be subject to the laws of several jurisdictions because its services may be used in different jurisdictions, including the United States of America. Kaspersky shall disclose information without your permission when required by law, or in good-faith belief that such action is necessary to investigate or protect against harmful activities to Kaspersky guests, visitors, associates, property or to others. As mentioned above, laws related to data and information processed by Kaspersky Security Network may vary by country.

Kaspersky Security Network shall duly inform the users concerned when initially processing the above-mentioned information of any sharing of such information and shall allow these Internet users to opt in (in the EU Member States and other countries requiring opt-in procedures) or opt out (for all other countries) online from the commercial use of this data and/or the transmission of this data to third parties.

Kaspersky may be required by law enforcement or judicial authorities to provide some information to appropriate governmental authorities. If requested by law enforcement or judicial authorities, we shall provide this information upon receipt of the appropriate documentation. Kaspersky may also provide information to law enforcement to protect its property and the health and safety of individuals as permitted by statute.

B. RECEIVED INFORMATION
The data to be processed depend on which Software You use or later switch to.

• Kaspersky Standard

In order to increase the Software's speed of reaction to information and network security threats, to prevent incidents and investigate those that do occur as well as to improve the quality of Kaspersky products, the User agrees to provide the following information:

• Information about the license and other agreements: type of Software license used.
• Information about the User environment: browser type; browser version; DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6; checksum of network prefix length; checksum of local address IPv6); DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); flag indicating whether the DNS domain exists; Wi-Fi network authentication type; list of available Wi-Fi networks and their settings; checksum (MD5 with salt) of the MAC address of the access point; checksum (SHA256 with salt) of the MAC address of the access point; user classification of the Wi-Fi network; Wi-Fi network encryption type; local time of the start and end of the Wi-Fi network connection; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; Wi-Fi signal strength; Wi-Fi network name; Software vendor name; parent application name; network category specified in Kaspersky VPN Secure Connection (home, work, public); network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe).
• Information about the operation of the Safe Money component: actions performed with the web address in the Software settings; indicator of action location when starting protected browser in Safe Money; start mode of the Safe Money component for the web service; indicator of remembered choice of action location for the web service; indicator of presence of web address in the Safe Money database.
• Information about the use of Kaspersky Security Network (KSN): protocol used to exchange data with KSN; ID of the KSN service accessed by the Software; date and time when statistics stopped being received; number of KSN connections taken from the cache; number of requests for which a response was found in the local request database; number of unsuccessful KSN connections; number of unsuccessful KSN transactions; temporal distribution of cancelled requests to KSN; temporal distribution of unsuccessful KSN connections; temporal distribution of unsuccessful KSN transactions; temporal distribution of successful KSN connections; temporal distribution of successful KSN transactions; temporal distribution of successful requests to KSN; temporal distribution of requests to KSN that timed out; number of new KSN connections; number of unsuccessful requests to KSN caused by routing errors; number of unsuccessful requests caused by KSN being disabled in the Software settings; number of unsuccessful requests to KSN caused by network problems; number of successful KSN connections; number of successful KSN transactions; total number of requests to KSN; date and time when statistics started being received.
• Information about the use of the application user interface, information about User opinion about the software: indicator of interactive mode; user's choice regarding controlling device connections to the home Wi-Fi network; ID of the control in the user interface; category of the service that provides user behavior tracking, specified in the Software settings; name of the service that provides user behavior tracking; ID of the displayed window; time of sending statistics about using application GUI; action performed with the detected weak security setting; type of the user that performs the action with the weak security setting.
• Information about an object being processed: fragment content of the object being processed; date and time when the certificate expires; ID of the triggered record in the Software's anti-virus databases; local port that was attacked; ID of the account under which the controlled process was started; ID of the key from the keystore used for encryption; fragment order in the object being processed; data of the internal log, generated by the anti-virus Software module for an object being processed; result of certificate verification; certificate issuer name; public key of the certificate; calculation algorithm of public key of the certificate; certificate serial number; date and time of signing the object; certificate owner name and settings; digital certificate thumbprint of the scanned object and hashing algorithm; date and time of the last modification of the object being processed; date and time of creating an object being processed; detect characteristics; objects or its parts being processed; attributes of executable file being processed; date and time of creating an executable file being processed; description of an object being processed as defined in the object properties; entropy of the file being processed; format of the object being processed; checksum type for the object being processed; the result of status check in KSN of an object being processed; trust indicator of the processed object according to KSN; date and time of linking the executable file; checksum (MD5) of the object being processed; name of the object being processed; names of the packers that packed the object being processed; flag indicating whether the object being processed is a PE file; checksum (MD5) of the mask that blocked the web service; checksum (SHA256) of the object being processed; information on who signed the file being processed; size of the object being processed; a flag indicating an application which runs automatically at startup; name of the detected malware or legitimate software that can be used to damage the user's device or data; object type code; the Software's decision on the object being processed; version of the object being processed; source of the decision made for the object being processed; checksum of the object being processed; checksum (MD5) of the object being processed; path to the object being processed; directory code; command line; information about file signature check results; vulnerability ID; vulnerability danger class; notification type, that triggered the statistic sending; logon session key; encryption algorithm for the logon session key; IP address of the attacker; debug detection indicator; attribute of an object being processed, that allowed to recall the false positive decision on the object; ID of the task in which detection was performed; confidence of detecting access to the phishing web service; phishing attack target; weight of the detected access to the phishing web service; protocol ID; storage time for object being processed; algorithm for calculating the digital certificate thumbprint; web address being processed; information about the client that uses a network protocol (user agent).
• Information about accessing a web service: type of the decision on a web address being processed; accessed address of the web service (URL, IP); type of client used to access the web service; reason for blocking access to the web service; category of reason for blocking access to the web service; DNS address of the web service being accessed; host source; accessed IPv4 address of the web service; accessed IPv6 address of the web service; indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; web address of the source of the web service request (referer); web address being processed.
• Information about the Rightholder's installed Software: date and time when the certificate was issued; the Software database record ID; type of the triggered Software anti-virus databases record; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; release date and time of the Software's databases; timestamp of the Software databases; information on who signed the file being processed; command line; version of the Software's component; full version of the Software; Software update ID; installation date and time for the Software; Software localization; Software installation ID (PCID); Software health status after update; type of installed Software; statistics message type; version of the statistics being sent; type of scan task that detected the weak setting; result of the task of scanning weak security settings; ID of the weak security setting; version of the updater component.
• Information about the device: detected device type; device ID; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS ID; OS Service Pack version; flag indicating whether the device is plugged in; version of the operating system installed on the user's computer; operating system bit version; OS edition.
• Other information: ID of the account under which the controlled process was started; command line; object time in the buffer; number of failed update installations for the updater component; number of update installation errors for the updater component; error code of the update task; update task type.

• Kaspersky Plus or Kaspersky Premium

In order to increase the Software's speed of reaction to information and network security threats, to prevent incidents and investigate those that do occur as well as to improve the quality of Kaspersky products, the User agrees to provide the following information:

• Information about the license and other agreements: type of Software license used.
• Information about the User environment: browser type; browser version; DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6; checksum of network prefix length; checksum of local address IPv6); DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); flag indicating whether the DNS domain exists; Wi-Fi network authentication type; list of available Wi-Fi networks and their settings; checksum (MD5 with salt) of the MAC address of the access point; checksum (SHA256 with salt) of the MAC address of the access point; user classification of the Wi-Fi network; Wi-Fi network encryption type; local time of the start and end of the Wi-Fi network connection; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; Wi-Fi signal strength; Wi-Fi network name; Software vendor name; parent application name; network category specified in Kaspersky VPN Secure Connection (home, work, public); network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe).
• Information about the operation of the Safe Money component: actions performed with the web address in the Software settings; indicator of action location when starting protected browser in Safe Money; start mode of the Safe Money component for the web service; indicator of remembered choice of action location for the web service; indicator of presence of web address in the Safe Money database.
• Information about the use of Kaspersky Security Network (KSN): protocol used to exchange data with KSN; ID of the KSN service accessed by the Software; date and time when statistics stopped being received; number of KSN connections taken from the cache; number of requests for which a response was found in the local request database; number of unsuccessful KSN connections; number of unsuccessful KSN transactions; temporal distribution of cancelled requests to KSN; temporal distribution of unsuccessful KSN connections; temporal distribution of unsuccessful KSN transactions; temporal distribution of successful KSN connections; temporal distribution of successful KSN transactions; temporal distribution of successful requests to KSN; temporal distribution of requests to KSN that timed out; number of new KSN connections; number of unsuccessful requests to KSN caused by routing errors; number of unsuccessful requests caused by KSN being disabled in the Software settings; number of unsuccessful requests to KSN caused by network problems; number of successful KSN connections; number of successful KSN transactions; total number of requests to KSN; date and time when statistics started being received.
• Information about the use of the application user interface, information about User opinion about the software: indicator of interactive mode; user's choice regarding controlling device connections to the home Wi-Fi network; ID of the control in the user interface; category of the service that provides user behavior tracking, specified in the Software settings; name of the service that provides user behavior tracking; ID of the displayed window; time of sending statistics about using application GUI; action performed with the detected weak security setting; type of the user that performs the action with the weak security setting.
• Information about an object being processed: fragment content of the object being processed; date and time when the certificate expires; ID of the triggered record in the Software's anti-virus databases; local port that was attacked; ID of the account under which the controlled process was started; ID of the key from the keystore used for encryption; fragment order in the object being processed; data of the internal log, generated by the anti-virus Software module for an object being processed; result of certificate verification; certificate issuer name; public key of the certificate; calculation algorithm of public key of the certificate; certificate serial number; date and time of signing the object; certificate owner name and settings; digital certificate thumbprint of the scanned object and hashing algorithm; date and time of the last modification of the object being processed; date and time of creating an object being processed; detect characteristics; objects or its parts being processed; attributes of executable file being processed; date and time of creating an executable file being processed; description of an object being processed as defined in the object properties; entropy of the file being processed; format of the object being processed; checksum type for the object being processed; the result of status check in KSN of an object being processed; trust indicator of the processed object according to KSN; date and time of linking the executable file; checksum (MD5) of the object being processed; name of the object being processed; names of the packers that packed the object being processed; flag indicating whether the object being processed is a PE file; checksum (MD5) of the mask that blocked the web service; checksum (SHA256) of the object being processed; information on who signed the file being processed; size of the object being processed; a flag indicating an application which runs automatically at startup; name of the detected malware or legitimate software that can be used to damage the user's device or data; object type code; the Software's decision on the object being processed; version of the object being processed; source of the decision made for the object being processed; checksum of the object being processed; checksum (MD5) of the object being processed; path to the object being processed; directory code; command line; information about file signature check results; vulnerability ID; vulnerability danger class; notification type, that triggered the statistic sending; logon session key; encryption algorithm for the logon session key; IP address of the attacker; debug detection indicator; attribute of an object being processed, that allowed to recall the false positive decision on the object; ID of the task in which detection was performed; confidence of detecting access to the phishing web service; phishing attack target; weight of the detected access to the phishing web service; protocol ID; storage time for object being processed; algorithm for calculating the digital certificate thumbprint; web address being processed; information about the client that uses a network protocol (user agent).
• Information about accessing a web service: data of the intercepted DHCP package from the device; type of the decision on a web address being processed; accessed address of the web service (URL, IP); type of client used to access the web service; reason for blocking access to the web service; category of reason for blocking access to the web service; DNS address of the web service being accessed; host source; accessed IPv4 address of the web service; accessed IPv6 address of the web service; indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; web address of the source of the web service request (referer); web address being processed.
• Information about the Rightholder's installed Software: date and time when the certificate was issued; the Software database record ID; type of the triggered Software anti-virus databases record; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; release date and time of the Software's databases; timestamp of the Software databases; information on who signed the file being processed; command line; version of the Software's component; full version of the Software; Software update ID; installation date and time for the Software; Software localization; Software installation ID (PCID); Software health status after update; type of installed Software; statistics message type; version of the statistics being sent; type of scan task that detected the weak setting; result of the task of scanning weak security settings; ID of the weak security setting; version of the updater component.
• Information about the device: detected device type; number of symbols in the device name; device type; vendor of the device or network card; device ID; operating system family; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS ID; OS Service Pack version; flag indicating whether the device is plugged in; version of the operating system installed on the user's computer; operating system bit version; OS edition; first 5 bytes of device MAC address; OS family detection method; device type define method; device name define method; method used to define vendor of the device or network card detection; flag indicating if detected host name is the same as user's host name; operating system family; device type.
• Other information: ID of the account under which the controlled process was started; command line; object time in the buffer; number of failed update installations for the updater component; number of update installation errors for the updater component; error code of the update task; update task type.

The Kaspersky Security Network service may process and submit whole files, for example, objects detected through malicious links which might be used by criminals to harm your computer and/or their parts, to Kaspersky for additional examination.

Additionally, to prevent incidents and investigate those that do occur, trusted executable and non-executable files, application activity reports, portions of the computer's RAM, and the operating system's boot sector may be sent, as well as the following information about files and processes:
• The names and paths of the files that were accessed by the process.
• URL- and IP addresses that were accessed by the process.
• URL- and IP addresses from which the running file was downloaded.

Kaspersky protects the information received in accordance with applicable governing law and Kaspersky rules. Data is transmitted over a secure channel.

Securing the Transmission and Storage of Data

Kaspersky is committed to protecting the security of the information it processes. The information processed is stored on computer servers with limited and controlled access. Kaspersky operates secure data networks protected by industry-standard firewall and password protection systems. Kaspersky uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, and only authorized individuals have access to the data that we process. Kaspersky takes steps to ensure that your information is treated securely and in accordance with this Statement. Unfortunately, no data transmission can be guaranteed secure. As a result, while we strive to protect your data, we cannot guarantee the security of any data you transmit to us or from our products or services, including without limitation Kaspersky Security Network, and you use all these services at your own risk.

We treat the data we process as confidential information; it is, accordingly, subject to our security procedures and corporate policies regarding protection and use of confidential information. All Kaspersky employees are aware of our security policies. Your data is only accessible to those employees who need it in order to perform their jobs. Kaspersky does not combine the data stored by Kaspersky Security Network with any data, contact lists, or subscription information that is processed by Kaspersky for promotional or other purposes.

C. USE OF THE PROCESSED DATA

Kaspersky processes the data in order to analyze and identify the source of potential security risks, and to improve the ability of Kaspersky products to detect malicious behavior, fraudulent websites, crimeware, and other types of Internet security threats to provide the best possible level of protection to Kaspersky customers in the future.

Disclosure of Information to Third Parties

Kaspersky may disclose any of the information processed if asked to do so by a law enforcement official as required or permitted by law, in response to a subpoena or other legal process or if we believe in good faith that we are required to do so in order to comply with applicable law, regulation, subpoena, or other legal process or enforceable government request. Kaspersky may also disclose information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating this Statement, the terms of your agreements with the Company or to protect the safety of our users and the public or under confidentiality and licensing agreements with certain third parties which assist us in developing, operating and maintaining the Kaspersky Security Network. In order to promote awareness, detection and prevention of Internet security risks, Kaspersky may share certain information with research organizations and other security software vendors. Kaspersky may also make use of statistics derived from the information processed to track and publish reports on security risk trends.

D. DATA PROCESSING – RELATED INQUIRIES AND COMPLAINTS

Kaspersky takes and addresses its users' Data Processing concerns with utmost respect and attention. If you believe that there was an instance of non-compliance with this Statement with regard to your information or data, or you have other related inquiries or concerns, you may write or contact Kaspersky by email: support@kaspersky.com.

In your message, please describe in as much detail as possible the nature of your inquiry. We will investigate your inquiry or complaint promptly.

CHOICES AVAILABLE TO YOU

In case of refusal to participate in KSN the above data is not transmitted. The data is processed and stored in a restricted and protected partition on the user's computer. This data cannot be restored after uninstallation. If you agree to participate in KSN, the data is transferred to Kaspersky for the above purposes.

Kaspersky protects the information received in accordance with applicable governing law and Kaspersky rules. Data is transmitted over a secure channel.

Participation in Kaspersky Security Network is optional. You can activate and deactivate the Kaspersky Security Network service at any time by altering the Feedback settings on your Kaspersky product's options tab. Please note, however, if you choose to deactivate the Kaspersky Security Network service, we may not be able to provide you with some of the services dependent upon the processing of this data.

We also reserve the right to send infrequent alert messages to users to inform them of specific changes that may impact their ability to use our services that they have previously signed up for. We also reserve the right to contact you if compelled to do so as part of a legal proceeding or if there has been a violation of any applicable licensing, warranty or purchase agreements.

Kaspersky is retaining these rights because in limited cases we feel that we may need the right to contact you as a matter of law or regarding matters that may be important to you. These rights do not allow us to contact you to market new or existing services if you have asked us not to do so, and issuance of these types of communications is rare.

© 2021 AO Kaspersky Lab
