Processes that have an impact on the processing of personal data may change, as well as legal requirements. In order to be able to take these changes into account, it is therefore necessary to adapt the content of this privacy policy from time to time. We will also publish the amended version of the privacy policy here. If you visit us again, you should therefore read our privacy policy again.

In addition to the protection of your personal data, ESET Deutschland GmbH (hereinafter referred to as "ESET" or "We") is also very concerned about transparency regarding the processing of your personal data. In the following, we would therefore like to provide you with detailed information on the following topics in accordance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telecommunications-Digital-Services-Data Protection Act (TDDDG), the Swiss Federal Act on Data Protection (FADP) and the Swiss Data Protection Ordinance (DSV):

Controller;
Personal data processed;
legal basis for processing personal data;
Data disclosure;
Processing in a third country;
Data integrity;
Your rights as a data subject;
Individual processing of your personal data;
Contact Information Data Protection Officer.

1. Controller

The controller within the meaning of Art. 4 No. 7 GDPR, Art. 5 (j) FADP is:

ESET Deutschland GmbH
Spitzweidenweg 32
07743 Jena
Deutschland – Germany
E-mail: info@eset.de

2. Personal Data Processed

In particular, we process the following personal data:

Name
Forename
E-mail-Address
Activationkey
IP address
If necessary, MAC Address
If applicable, postal address
If applicable, affiliation with the company
Payment details, if applicable

For further information on the personal data specifically processed in each case, please refer to our detailed information on the individual processing purposes.

3. Legal basis for processing personal data

Of course, we process your personal data exclusively in accordance with the provisions of the GDPR and the BDSG or FADP, i.e. only if there is a legal basis. For Switzerland, ESET will process your personal data lawfully and proportionately, tailored to the following purposes, in good faith. Personal data that is particularly worthy of protection in accordance with Art. 5 c FADP is expressly processed only if there is a legal basis.

Your personal data will be processed for the fulfilment of contractual obligations and purposes, Art. 6 para. 1 lit. b) 1. GDPR and Art. 6 FADP. This includes in particular:

Obtaining a (test) license
Activation of a license
Sending of license data
License expiration reminder
Requests for (technical) support
Notification as part of the competition
Marketing activities to companies in connection with the offer of content such as white papers and webinars.

Furthermore , we process your personal data at your request, insofar as this is necessary for the implementation of pre-contractual measures, Art. 6 para. 1 lit. b) 2. GDPR. This includes in particular:

Specific inquiries about our products, requests for quotations.

In addition, we process your data to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR:

to be included in our internal blacklist to avoid unwanted contact
to assert legal claims, including debt collection and defence in legal disputes
for the purposes of the appeal on points of law
to ensure IT and building security
for the purpose of compiling statistics to improve products and services. In individual cases, we form customer profiles for this purpose by processing license reference and usage data; however, these profiles are immediately anonymized and are not used to analyze or predict aspects of your personal preferences.

We process your data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR for the following purposes in particular:

To send the newsletter with regular information on products, services and special offers of ESET Deutschland GmbH (partner)
To receive special information and offers from ESET Deutschland GmbH and authorized partners
for the personalized use of the website and personalized offers, including profiling
for analytical purposes in order to optimise our offer for you
Market research and customer survey

If we are legally obliged to do so, we also process your personal data in accordance with Art. 6 (1) (c) GDPR, e.g. to comply with retention obligations under commercial or tax law.

For further information on the respective processing of your personal data, please refer to our detailed information on the individual processing purposes.

4. Data disclosure

As a matter of principle, we do not pass on your personal data to third parties without your express consent.

Exceptions may exist in the categories of recipients listed below. However, the prerequisite for these exceptions is always that the disclosure of your personal data is based on one of the legal bases specified in Art. 6 para. 1 GDPR, i.e. that the disclosure is necessary for the performance of the contract or that there is a legal obligation or a legitimate interest.

If you use one of our ESET products or services, your personal data, such as e-mail address, license data, IP address, Mac address, will be processed by ESET, spol. s r.o. The legal basis for this is Art. 6 para. 1 b) 1. GDPR – Processing for the performance of contractual obligations. ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovak Republic is the manufacturer and license holder of ESET products and services. You can find more information on a product- and version-specific basis under help.eset.com.

We, ESET Deutschland GmbH, sell our software within the framework of a so-called vertical distribution model, i.e. we do not sell our products outside of our online store directly to you, our so-called end customers, but via authorized ESET Partner. Therefore, if you request products or services from us that are not available or not available in the size in our online store, we will pass on your data to an authorized ESET partner for further support. The legal basis for this is Art. 6 para. 1 b) 2. GDPR – Implementation of pre-contractual measures.

Not all tasks can be completed by our employees. For example, partners support us in the implementation of events, webinars and competitions or in establishing and maintaining contacts. In these cases, we transfer your personal data to partners who provide services to us. These partners process personal data exclusively on behalf of ESET Deutschland GmbH and in accordance with the instructions of ESET Deutschland GmbH.

Finally, due to a legal obligation and on the basis of a legitimate request, it may be necessary to disclose your data to (law enforcement) authorities or courts, for example. The legal basis for this is Art. 6 para. 1 c) GDPR.

For Swiss matters, ESET complies with the data protection requirements set out in Art. 6 FADP or Art. for particularly sensitive personal data, ESET ensures that there is a legal basis in the form of consent in accordance with Art. 6 FADP or a justification ground in Art. 31 FADP. Where processors are used to provide services, ESET ensures that the data protection requirements of Art. 9 FADP are met.

5. Processing in a third country

Personal data that you have provided to ESET will generally be processed in a member state of the European Union, such as Slovakia, the Republic of Ireland or Germany. However, depending on your location (e.g. when using our products and/or services outside the EU) and/or the service you choose, it may be necessary to transfer your data to a country outside the EU. For example, we use third-party services in connection with cloud computing. In these cases, we carefully select our service providers and, by taking contractual, technical and organisational measures, ensure that there is a level of data protection comparable to that of the EU.

For some countries outside the EU, such as the UK and Switzerland, the EU Commission has determined a comparable level of data protection. Due to the comparable level of data protection, the transfer of data to these countries does not require any special permission or agreement.

If the data is transferred to a country for which the EU Commission has not issued an adequacy decision, we use the EU standard contractual clauses, possibly with supplementary contractual provisions.

For more information on adequacy decisions and standard contractual clauses, see EU Kommission_Angemessenheitsbeschlüsse and EU Kommission_Standardvertragsklauseln.

For matters that have an impact in Switzerland and in which your data is processed by ESET, the disclosure of personal data abroad will be made in accordance with Art. 16 and Art. 17 FADP. For ESET's customers in Switzerland, the service providers abroad are also carefully selected so that there is a comparable level of data protection. In assessing an adequate level of data protection, ESET adheres to the countries listed in Annex 1 of the Data Protection Regulation and the decisions made available by the Federal Council or the exceptions listed in Art. 16 FADP.

6. Data integrity

To protect your personal data, we take appropriate technical and organizational measures, in accordance with the need to protect personal data and in coordination with possible risks. We do our best to ensure the confidentiality, integrity, availability, traceability, and resilience of the processing systems and services. We regularly check and adjust data security during the entire processing period. When dealing with Swiss matters, ESET adheres to the principles set out in Art. 1 DSV.

Should there nevertheless be a breach of the protection of your personal data that poses a risk to your rights and freedoms, we will notify you and the competent supervisory authority in accordance with Art. 33 GDPR /the Swiss Federal Data Protection and Information Commissioner (FDPIC) in accordance with Art. 4 FADP.

7. Your rights as a data subject

The rights of every data subject matter and all data subjects (whether in an EU or non-EU country) have the rights listed below.

To exercise your rights, you can contact datenschutz@eset.de by email or contact us via our support form.

We ask you to refrain from sending further personal data - such as date of birth. If you send us a copy of your ID, we ask you to blacken all information except for your surname, first name - and for home users: address.

We would like to point out that in order to be able to process your request, as well as for identification purposes, we will process your personal data in accordance with Art. 6 para. 1 lit. c) GDPR. If the FADP and DSV become applicable in accordance with Art. 3 FADP, this processing is carried out in conformity with the Swiss data protection principles in Art. 6 FADP and the relevant Articles to ensure the protection of your rights.

Right to withdraw consent, Art. 7 para. 3 GDPR, Art. 30 para. 2 b) FADP

If we process your personal data on the basis of your consent, you have the right to revoke it at any time without giving reasons. This also applies to declarations of consent that you gave us before the GDPR or the FADP were applied, i.e. before 25.05.2018 or 01.09.2023.

The revocation of your consent only takes effect for the future and does not affect the lawfulness of the data processed up to the time of revocation.

Please note that in some cases, despite your withdrawal, we may continue to process your personal data on another legal basis – for example, for the performance of a contract.

For situations in Switzerland, you as a data subject can expressly declare in accordance with Art. 30 para. 2 b) FADP that you wish to revoke your prior consent to the processing of your personal data.

Please note that in some cases, despite your express declaration of intent, we are entitled to continue processing your personal data on the basis of a justification in accordance with Art. 31 FADP.

Right to object, Art. 21 GDPR in the case of processing based on a legitimate interest, Art. 30 para. 2 b) FADP

If we process your personal data to safeguard a legitimate interest of ESET Deutschland GmbH within the meaning of Article 6 pra. 1 f) GDPR, you have the right to object to the legitimate interest specified and the processing of your personal data at any time. Your objection only takes effect for the future and does not affect the lawfulness of the data processed up to the time of the objection.

If we process your personal data for direct marketing purposes, a justification of your objection is not required, Art. 21 para. 2 GDPR. This also applies to profiling, insofar as it is related to such direct advertising. In all other cases, we ask you to briefly inform us why you do not see a legitimate interest of ESET Deutschland GmbH in processing your personal data, Art. 21 para. 1 GDPR.

For circumstances and facts in Switzerland, your right to object by express declaration of intent arises from Art. 30 para. 2 b) FADP and is possible without proof of interest or other requirements. Please note that we may continue to process your personal data if there is a justification in accordance with Art. 31 FADP.

Rightof access, Art. 15 GDPR, Art. 25 FADP

As a data subject, you have the right to receive information about your data stored by ESET Deutschland GmbH at any time free of charge.

For circumstances with effect in Switzerland, you have a right of access in accordance with Art. 25 FADP. Please note that your right to access may be limited in terms of content under the provisions of Art. 26 and Art. 27 FADP.

Right to rectification, Art. 16 GDPR, Art. 32 FADP

If we inadvertently process inaccurate personal data about you, you have the right to have it corrected.

For circumstances with effects in Switzerland, you also have the right to rectification in accordance with Art. 32 FADP, unless a legal provision prohibits the change or the personal data is processed for archiving purposes in the public interest.

Right to erasure, Art. 17 GDPR and right to restriction of processing, Art. 18 GDPR, Art. 32 FADP

As a data subject, you have the right to erasure or restriction of the processing of your personal data in accordance with Art. 17 or 18 GDPR. For circumstances with effects in Switzerland, Art. 32 FADP in conjunction with Art. 28, 28a of the Swiss Civil Code ensure the right to erasure and the right to restriction of processing.

If, for example, we process your personal data with your consent, you revoke it and there is no other legal basis – such as a contract – we will delete your personal data immediately.

Your personal data will also be deleted as soon as it is no longer required for the purposes stated for it.

If we use your personal data for the sole purpose of direct marketing and you have withdrawn your consent to this or have objected to the underlying legitimate interest of ESET Deutschland GmbH, we restrict the processing of your personal data to the extent that we include your contact details in our internal blacklist in order to avoid unwanted contact. In all other respects, your personal data will be deleted.

Please note that we will continue to store your personal data until the expiry of the retention obligations and periods issued by the legislator or supervisory authorities. Retention obligations and periods can result, for example, from the Commercial Code, the Tax Code and the Money Laundering Act and can usually amount to 6 to 10 years. In addition, we may store your data until the expiry of the statutory limitation periods (i.e. usually 3 years; in individual cases also up to 30 years), insofar as this is necessary for the assertion, exercise or defence of legal claims. After that, the corresponding data is routinely deleted.

Right to data portability, Art. 20 GDPR, Art. 28 FADP

We provide you, as a data subject, with the personal data processed by ESET in .xlsx format. In Swiss cases, your right to data portability pursuant to Art. 28 FADP is granted, as long as it is not denied , restricted or postponed for the reasons set out in Art. 26 paras. 1 and 2 FADP, stating the reason.

Right to lodge a complaint, Art. 77 GDPR, Art. 49 FADP

As a data subject, you have the right to lodge a complaint or report with a supervisory authority at any time.

The supervisory authority responsible in accordance with Art. 55 GDPR is the:

Thuringian State Commissioner for

Data protection and freedom of information

Postfach 90 04 55

99107 Erfurt

Deutschland – Germany

Email: poststelle@datenschutz.thueringen.de

As a data subject in Switzerland, you have the right to file a report with the Federal Data Protection and Information Commissioner at any time.

Federal Data Protection and Information Commissioner

Phone 058 462 43 95

Feldeggweg 1, 3003 Bern

Schweiz – Switzerland

Notification form for those affected

8. Individual processing of your personal data

Visit websites

You can visit our websites without providing any information about yourself. Every time a website is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. These access data are evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our website offering. In accordance with Art. 6 (1) (f) GDPR, this serves to safeguard our legitimate interests in a correct presentation of our offer, which outweigh the legitimate interests in the context of a balancing of interests. In addition, when processing your personal data for the purpose of visiting our websites, ESET ensures that it meets the Swiss standards of Art. 6 FADP. All access data will be deleted no later than seven days after the end of your visit to the site.

Cookies and Tracking

We use so-called cookies to make visiting our website attractive and to improve it, to enable the use of certain functions, to display suitable products and to protect our website and applications. These include browser cookies, scripts, web beacons, tracking URLs, pixel tags and similar technologies. A similar technology that we use is a so-called "S-S." passive, server-side finger print. No information is processed for the creation of the fingerprint that is not necessarily transmitted or is not transmitted due to the browser settings of the end device when a website is accessed. We create a HASH value for the fingerprint. For this purpose, we use the data you transmit when you access our website, consisting of your abbreviated IP address, your user agent and a random sequence of numbers.

Only statistical data is associated with the fingerprint, not personal data that can be used to directly identify you (such as your email address or other data you enter into our online forms).

The fingerprints are intended to allow us to obtain general information about our website audience and about the performance of our online marketing campaigns, not about the individual visitor. For example, we want to use the fingerprint to measure the number of visitors to our website, to be informed about the source from which our website audience was referred to us, about how our website audience navigates through our website (e.g. which pages they have viewed), as well as about product purchases, downloads or whether filling in forms technically correct. The legal basis for this is our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.

If you have consented to the use of analysis and/or marketing cookies, personal data may also be processed in accordance with our Cookie Policy. The legal basis in this case is Art. 6 para. 1 lit. a) GDPR, § 25 para. 1 TDDDG. For more information about cookies and tracking, please see our Cookie Policy.

You can adjust your settings by clicking on Manage Cookies. You can also find the link at the bottom of each of our web pages. Furthermore, you can set your browser in such a way that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. The same conditions apply to Swiss situations on the basis of Art. 45 c lit. b TCA.

Links to other websites

Our websites may contain links to other websites or to embedded websites. We are not responsible for the content of other companies' websites or their personal data collection practices. When you visit other websites, you will be asked to read the website owner's policy regarding privacy and other relevant policies.

ESET Online-Shop

Purchase of software solutions and support requests for ordering: We collect personal data as part of your order or support request in relation to the order. Mandatory fields are marked as such. They are absolutely necessary for the execution of the contract or to process your request, otherwise we will not be able to complete your order or answer your question. The legal basis for this is Article 6 para. 1 lit. b) GDPR. For Swiss situations, ESET complies with the data protection principles, mentioned in Art. 6 FADP, when you purchase our software or request support. The data collected can be seen from the respective input forms. We store this personal data for six years after the contract or order has been fully fulfilled in accordance with the legal requirements in accordance with § 257 (4) HGB, Art. 6 para. 1 lit. c) GDPR (business letters) or ten years in accordance with § 147 para. 3 AO, Art. 6 para. 1 lit. c) GDPR (invoices). Unlike billing data, we only store license data for a maximum period of 12 months from the expiration date of your license, and statistics that do not allow identification of the end user are deleted after a period of 4 years.

Payment: Depending on which payment service provider you select in the order process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, the payment service provider commissioned or to the selected payment service provider for the purpose of processing payments. The legal basis for this is Art. 6 para. 1 lit. b) and f) GDPR. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

In the case of using PayPal Express, we process with your consent the personal data (title, surname, first name, e-mail address, address) provided to us by PayPal, PayPal S.àr.l, et Cie, S.C: A, 22-24 Boulevard Royal, L.2449 Luxembourg, Luxembourg.

We store the data relevant to the payment transaction and associated documents such as correspondence and if applicable, invoices for six years in accordance with the legal requirements for commercial letters mentioned in § 257 para. 4 HGB, Art. 6 para. 1 lit. c) GDPR or ten years for invoices according to § 147 para. 3 AO, Art. 6 para. lit. 1 c) GDPR.

Debt collection: In the case of due, unpaid and undisputed claims, we may transmit your data to these law firms and/or debt collection service providers, four weeks after receipt of the first of at least two written reminders informing you of a transmission to our cooperating law firms and/or debt collection service providers, we may transmit your data to these law firms and/or debt collection service providers, who will then demand these claims, if necessary also in their own name. The legal basis for this is Art. 6 para. 1 lit. f) GDPR, § 31 BDSG. Our overriding interest in the disclosure is to be able to effectively assert the exercise of legal claims.

Support requests for our products and services

We are also happy to answer any questions you may have about our products and services. For this purpose, you can use our contact form or our (live) chat. In each case, mandatory information, such as e-mail address, license information or, if applicable, telephone number, is collected. The mandatory fields are marked as such and are mandatory for processing your request and thus fulfilling the contract. Furthermore, the data entered by you during the chat or sent by e-mail, such as generated log files or dumps, will also be processed to process your request. The legal basis is Art. 6 para. 1 lit. b) GDPR.

For Swiss circumstances, ESET will process and collect your personal data for support requests in a proportionate and purposeful manner in good faith. In the case of technical questions, remote assistance from our employees may also be necessary. As a rule, TeamViewer (TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen / Germany) will be used for this purpose after your prior express consent.

Webinars

You can participate in webinars with us. If you register for a webinar, we will process your personal data for your participation in the webinar on the basis of Art. 6 (1) (b) GDPR. In accordance with the legal requirements, we will store the data relevant to the webinar and associated documents such as correspondence and, if applicable, invoices for six years after the conclusion of the webinar in accordance with the statutory provisions in the case of commercial letters in conformity with § 257 para. 4 HGB, Art. 6 para. 1 lit. c) GDPR or ten years for invoices according to § 147 para. 3 AO, Art. 6 para. Lit. 1 c) GDPR.

For webinars, we also use our U.S.-based service provider, LogMeIn Inc., 333 Summer Street, Boston, Massachusetts 02210. For more information on how LogMeIn Inc. handles personal information, please visit https://www.logmeininc.com/de/trust/privacy.

The processing of your personal data for the registration and participation in webinars is also compliant with the conditions for Swiss matters set out in Art. 6 FADP and Art. 9 FADP.

(Digital) Events

If you take part in a (digital) event offered, we ask you to register for it. We process your mandatory data in order to address you personally and to be able to offer you event content tailored to your company size and industry. The legal basis for this is Article 6 para. 1lit.b GDPR. When you register, we use the so-called double opt-in procedure online to prevent our email notifications from being sent to email addresses of people who have not requested them. In accordance with the requirements of the data protection supervisory authorities, your IP address will also be recorded and stored for documentation purposes. The legal basis for this is Art. 7 para. 1, Art. 6 para. 1 lit. c) GDPR. ESET also complies with the Swiss data protection requirements of Art. 6 FADP with regard to the registration and implementation of events.

Personal data may be passed on to service providers with whose support we organize and carry out the event as part of order processing within the meaning of Art. 28 GDPR or Art. 9 FADP. After the event has ended, we may contact you by email to find out how satisfied you were with the event and whether we can provide you with more information about our products and services. The legal basis for this is § 7 para. 2 no. 3 UWG, Art. 6 para. 1 lit. f) GDPR. You can object to the use of your data for marketing purposes by sending a message to the contact option described above or by clicking on the link provided for this purpose in the e-mail.

After you have unsubscribed (revocation of your consent or objection to the use of your data within the meaning of § 7 para. 3 UWG), we will delete your e-mail address, unless you have expressly consented to further use of your data or we are legally obliged to continue storing it. Of course, we will no longer contact you for marketing purposes in these cases.

During an event, we may take photos and videos that we would like to use as part of our public relations work, e.g. on social media platforms such as LinkedIn. The legal basis for this is our legitimate interest within the meaning of Art. 6 para. lit. 1 f) GDPR.

By accepting participation, you agree that these recordings may be published and distributed without further consent from you. If you do not wish to appear in these photo or video recordings, we ask you to inform the photo/video team. Our legitimate interest fulfils the data protection principles of Art. 6 FADP.

Sweepstakes

You can take part in free competitions with us, which we offer, for example, online on our website or at events, such as trade fairs. In order to participate in ESET competitions, it is mandatory that you register by providing your first name, surname, email address and country, the so-called "Registration Data". We process this registration data for the duration of the competition for the purpose of conducting and processing the competition (notification of the prize) on the basis of Article 6 (1) (b) GDPR or Article 6 FADP.

In the event of a win, we may also ask you for your postal address as part of the notification of the prize. The processing of this personal data is carried out for the purpose of sending your prize. Any further processing of the personal data provided for participation in the competition for advertising purposes will only be carried out with your prior express consent in accordance with. Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time for the future without giving reasons.

Your personal data will be deleted after the end of the competition and the retention period expires. If you have consented to an advertising contact, we will process your personal data until the consent is revoked.

To carry out the competitions, we use "dot.vu" as a service provider of Dot Marketing ApS Nupark 51, 7500 Holstebro, Denmark. Personal data is passed on within the framework of order processing based of Art. 28 GDPR or Art. 9 FADP.

Communication with us

If you have any questions or suggestions about our products, services, events or this privacy policy, please feel free to contact us. We process your information to answer your inquiries in accordance with Art. 6 para. 1 lit. b) GDPR or in compliance with the principles prescribed in Art. 6 FADP. The communication of address and telecommunications data marked as mandatory information is necessary in order to be able to process and answer your request. The voluntary provision of further data makes it easier for us to process your request.

We will usually store the information from your enquiry for one year after answering the enquiry in the event of further requests, if they are not commercial or business letters, which we store on the basis of § 257 para. 4 HGB, Art. 6 para. 1 lit. c) GDPR for six years.

Marketing by ESET

We process data from orders and other data collected outside the Internet to the extent permitted by law. The processed data is used for our own advertising as well as for our internal customer analyses in order to be able to offer you suitable information on the basis of Art. 6 para. 1 lit. f) GDPR and for Swiss situations on the basis of Art. 6 FADP. Our analyses are regularly pseudonymized.

We store your personal data collected for advertising purposes for as long as the advertising purpose exists or until we receive a revocation of your consent or your objection to the processing of your data for advertising purposes.

E-mail advertising and newsletters:

Customers: If you have purchased a product or service from our online store, you will receive regular information by email about your current ESET solution, such as tips on product usage, similar ESET solutions including information on special discounts, as well as our request for feedback on the ESET solution you are currently using and our service. The legal basis for this is Art. 6 para. 1 lit. f) GDPR, § 7 para. 3 UWG.

If you have expressly agreed to receive information about ESET solutions such as special discounts, product usage tips or satisfaction surveys, IT security topics, events or webinars, we will inform you regularly by e-mail. The legal basis for this is Art. 6 para. 1 lit. a) GDPR. We process your mandatory information when you give your consent in order to be able to address you personally and to provide you with information as a consumer or company according to your company size and industry. When obtaining your consent, we use the so-called double opt-in procedure online to prevent our email messages from being sent to email addresses of people who have not requested them. In accordance with the requirements of the data protection supervisory authorities, your IP address will also be recorded and stored for documentation purposes. The legal basis for this is Art. 7 para. 1, Art. 6 para. 1 lit. c) GDPR.

You can revoke your consent at any time or object to the use of your data for advertising purposes by sending a message to the contact option described above or by clicking on the link provided for this purpose in the newsletter.

After you have unsubscribed (revocation of your consent or objection to the use of your data within the meaning of Section 7 (3) UWG), we are obliged under data protection law in accordance with the requirements of the German data protection supervisory authorities to include the data required for this (name, address, e-mail address) in our internal advertising block list (so-called black list) and to store (block) them permanently – only for this purpose – and to use them for comparison with our future advertising files. use. The legal basis for this is Art. 21 para. 3, Art. 17 para. 3 lit. b), Art. 6 para. 1 lit. c), f) GDPR. In this way, compliance with your advertising objection or the revocation of your consent can be ensured in the long term.

Partner: If you have registered as a partner, we will also inform you as part of our business relationship in accordance with § 7 para. 3 UWG, Art. 6 para. 1 lit. b) GDPR by means of various newsletters (e.g. partner newsletters, technical newsletters, consumer newsletters, MSP newsletters) by e-mail about our products and/or services in accordance with your stored preferences. We process your mandatory information in order to send you the newsletter(s) you have chosen and to be able to address you personally. In order to receive certain newsletters, you must first register.

Telephone: In the context of an existing business relationship with our partners or otherwise with your express consent within the meaning of Art. 6 para. 1 lit. a) GDPR and/or on the basis of our legitimate interest within the meaning of § 7 para. 2 no. 2 UWG, Art. 6 para. 1 lit. f) GDPR in order to be able to send you information about our products, services and events, we inform you by telephone. We may receive your telephone contact details - to the extent permitted by law - from address brokers. Your consent can be revoked at any time. Please use the contact options given above.

We process your mandatory information when you give your express consent in order to be able to contact you and address you personally. If you give us your consent online, your IP address will be recorded and stored for documentation purposes. The legal basis for this is Art. 7 para. 1, Art. 6 para. 1 lit. c) GDPR.

All data protection measures taken by ESET concerning email marketing and the sending of newsletters are compliant with Art. 6 and 8 FADP and Art. 3 of the Federal Act against Unfair Competition.

Satisfaction surveys

To improve our products and services, we occasionally conduct customer satisfaction surveys. In the context of an existing business relationship with our partners or otherwise with your prior, explicit consent within the meaning of Art. 6 para. 1 lit. a) GDPR, we will ask you where you see improvements in our products/services. Your information will be anonymized. Your consent can be revoked at any time. Please use the contact options given above or the unsubscribe option in the survey. After revoking your consent, we are obliged under data protection law in accordance with the requirements of the German data protection supervisory authorities to include the data required for this (name, address, e-mail address) in our internal advertising block list and to store (block) permanently – only for this purpose – and to use it to compare it with our future advertising files. (Art. 21 para. 3, Art. 17 para. 3 lit. b), Art. 6 para. 1 lit. c), f) GDPR). In this way, compliance with your advertising objection or the revocation of your consent can be ensured in the long term. With regard to circumstances with effect in Switzerland, all of our listed data protection measures for satisfaction surveys enlisted above, comply with the required principles of Art. 6 FADP.

ESET Partnerportal

In order to participate in our partner program, we also ask our partners – dealers of IT security solutions – to provide contact persons. This information is used to carry out our business relationship. The legal basis for this is Art. 6 para. 1 lit. b) GDPR. We store this personal data in accordance with the legal requirements after the conclusion of the contract for six years complantwith the statutory provisions in accordance with § 257 para. 4 HGB, Art. 6 para. 1 lit. c) GDPR or ten years according to § 147 para. 3 AO, Art. 6 para. 1 lit. c) GDPR.

The basis of our data protection efforts for partners in Switzerland is the compatibility of our data protection measures with Art. 6 FADP.

ESET products and services

Data protection is a matter of course for us – also in our products and services. For information on the processing of personal data when using ESET Security products and services, please refer to help.eset.com for product and version-specific information.

Reporting vulnerabilities and/or security vulnerabilities

We want to contribute to more IT security. Therefore, reporting vulnerabilities is very valuable to us, and we offer a number of channels through which you can provide us with samples of malicious or suspicious software. The samples and their metadata are processed and stored on the basis of the public interest as well as the legitimate interest of ESET, namely cybersecurity within the meaning of Art. 6 para. 1 lit. f) GDPR. For Swiss matters, we process your data lawfully in good faith, in this case for the purpose of reporting vulnerabilities and/or security vulnerabilities. ESET attaches particular importance to ensuring that our data protection measures fulfil the requirements of Art. 6 FADP.

Application management

As part of global recruitment and human resources management, we, ESET Deutschland GmbH, Germany, process your personal data together with ESET, spol. s r.o, Einsteinova 24, 85101 Bratislava, Slovak Republic, for local open positions. By sending your application, you agree within the meaning of Art. 6 (1) (a) GDPR that we may process your application documents together as part of the application process for ESET Deutschland GmbH. Of course, we will treat your application confidentially. It will not be passed on to third parties. You can withdraw your application at any time.

We process your personal data, which you provide to us, for example with your CV or other documents, exclusively for the purpose of the application process.

Your application documents will be passed on to the employees of our company involved in the selection process. Our employees are obliged to comply with data protection regulations.

If your application is successful, we can use the data you provide for the employment relationship. If your application is not successful, we will store your personal data and documents in our application database for a period of 2 years with your express consent. You can revoke your consent at any time with effect for the future. If you have not given us your consent for this, we will delete your personal data and documents sent to us after a period of 6 months. If you have applied for several positions, the data will be deleted after a period of 6 months after the conclusion of the last recruitment process. Our data protection measures with regard to the application process also meet the requirements of Art. 6 FADP. If the data in the application process is personal data that is particularly sensitive in accordance with Art. 5 c FADP, ESET will only process this data if there is a legal basis, such as your consent or a justification reason in the sense of Art. 31 FADP.

Surveillance

Our office in Jena is secured by a video surveillance system. This protects the access and security-relevant areas. In this case, the legal basis for the processing of personal data is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The measure serves exclusively to protect persons, premises, facilities and objects owned or possessed by ESET Deutschland GmbH, its employees, customers or partners.

In accordance with Art. 21 GDPR, as a data subject, you have the right to object to both our legitimate interest and the processing of your personal data. We ask you to justify your objection.

The data is automatically stored in a ring memory and cyclically overwritten.

Internal recipients of the video files are the management, the data protection officer and the IT and operations departments. The external recipient is the commissioned security service provider in the event of an alarm and within the framework of an order agreement. In the case of reasonable suspicion of a crime, we may pass on the video files to law enforcement agencies, criminal and civil courts.

9. Contact details

If you would like to exercise your right(s) as a data subject, or if you have any questions, suggestions or comments regarding the protection of your personal data by ESET Deutschland GmbH, please send us a message to:

ESET Deutschland GmbH
Data Protection Officer
Spitzweidenweg 32
07743 Jena
Deutschland – Germany
E-mail: datenschutz@eset.de

If you contact us by e-mail, it is not encrypted.