Legally speaking, about your privacy using ESET.
- Legal basis of personal data processing;
- Data sharing and confidentiality;
- Data security;
- Your rights as a data subject;
- Processing of Your personal data;
- Contact information.
Legal basis of personal data processing
- Legitimate interest legal basis (Art. 6 (1) (f) GDPR), which enables us to process data on how You use our services and your satisfaction with those services, in order to provide You with the best protection, support and experience We can offer. Marketing is recognized in the applicable legislation as a legitimate interest, therefore We usually rely on the legitimate interest legal basis for marketing communication or the consent, if applicable.
- Consent (Art. 6 (1) (a) GDPR), which We may request from You in specific situations where We deem this legal basis to be the most appropriate, or where it is required by law.
- Compliance with a legal obligation (Art. 6 (1) (c) GDPR), e.g. data retention for the purposes of electronic communication and/or invoicing.
Data sharing and confidentiality
We do not share your data with third parties. However, ESET is a company that operates globally through affiliated companies or partners as part of our sales, service and support network. Licensing, billing and technical support information processed by ESET may be transferred to and from its affiliates or partners for the purpose of fulfilling the EULA, for instance in the provision of services or support.
ESET prefers to process its data in the European Union (EU). However, depending on your location (e.g. when using our products and/or services outside the EU) and/or the service You choose, it may be necessary to transfer your data to a country outside the EU. For example, We use third-party services in connection with cloud computing. In these cases, We carefully select our service providers and ensure an appropriate level of data protection through contractual as well as technical and organizational measures. As a rule, We agree on the EU standard contractual clauses, if necessary with supplementary contractual regulations.
For some countries outside the EU, such as the United Kingdom and Switzerland, the EU has already determined a comparable level of data protection. Due to the comparable level of data protection, the transfer of data to these countries does not require any special authorization or agreement.
According to the applicable legislation and based on the legitimate request, We might be required to provide information to public authorities, law enforcement, or other entities.
ESET implements appropriate technical and organizational measures to ensure a level of security which corresponds to the potential risks. We do our best to ensure that the confidentiality, integrity, availability and resilience of processing systems and services is consistently maintained. However, in the event of a data breach resulting in a risk to your rights and freedoms, We will notify You as well as the relevant supervisory authority.
Your rights as a data subject
The rights of every data subject matter and all data subjects (whether in an EU or a non-EU state) have the rights set out below, guaranteed by ESET. To exercise your rights as a data subject, You can contact us via a support form or via email at email@example.com. For identification purposes, We will ask You for the following information: name, email address and – if available – license key or customer number and company affiliation. Please refrain from sending us any other personal data, such as date of birth. We would like to point out that to be able to process your request, as well as for identification purposes, We will process your personal data.
Right to withdraw consent.
The right to withdraw consent is applicable in the case of data processing based on consent only. If We process your personal data on the basis of your consent, You have the right to withdraw that consent at any time without giving any reason. The withdrawal of your consent is only effective in the future and does not affect the legality of data processing that occurred before the withdrawal of consent.
Right to object.
The right to object to processing is applicable in the case of data processed based on the legitimate interests of ESET or a third party. If We process your personal data to protect a legitimate interest, You as the data subject have the right to object to the legitimate interest named by us and the processing of your personal data at any time. Your objection is only effective in the future and does not affect the lawfulness of data processing that occurred before the objection. If We process your personal data for direct marketing purposes, it is not necessary to give reasons for your objection. This also applies to profiling, insofar as it is connected with such direct marketing. In all other cases, We will ask You to briefly inform us about your reasons for objecting to the legitimate interest of ESET to process your personal data.
Please note that in some cases, despite the withdrawal of your consent or objection to the processing of data, We are entitled to further process your personal data on a separate legal basis; for example, for the performance of a contract.
Right of access.
As a data subject, You have the right to obtain information about your data stored by ESET free of charge at any time.
Right to rectification.
If We inadvertently process incorrect personal data about You, You have the right to have this corrected.
Right to erasure.
As a data subject, You have the right to request the deletion or restriction of the processing of your personal data. If We process your personal data, for example, with your consent, and You later withdraw it, We will delete your personal data immediately, providing there is no other legal basis to retain them, for example, performance of a contract. Your personal data will also be deleted as soon as they are no longer required for the purposes stated for them at the end of our retention period.
Right to restriction of processing.
If We use your personal data for the sole purpose of direct marketing and You revoke your consent or object to the underlying legitimate interest of ESET, We will restrict the processing of your personal data to the extent that We include your contact data on our internal black list in order to allow us to avoid unsolicited contact. Otherwise, your personal data will be deleted.
Please note that We may be required to store your data until the expiry of the retention obligations and periods issued by the legislator or supervisory authorities. Retention obligations and periods may also result from Slovak legislation. Thereafter, the corresponding data will be deleted.
Right to data portability.
We are happy to provide You, as a data subject, with the personal data processed by ESET in .xlsx format.
Right to lodge a complaint.
As a data subject, You have the right to lodge a complaint with a supervisory authority at any time. ESET is subject to regulation under Slovak law and We are bound by data protection legislation as part of the European Union. The relevant data supervisory authority is The Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 82007 Bratislava 27, Slovak Republic.
Processing of Your personal data
Generally, You may use our websites for information purposes without giving personal information and informing ESET who You are. On the other hand, some of our services need to collect more information:
- ESET may collect personal information for the purposes of direct communication with You in order to respond to your questions, and fulfill your requests. If You send us product orders, service requirements, other requests or if You upload any materials to our website, We may have to contact You in order to gain additional information necessary for processing or in order to fulfill your order, request or requirement. For this purpose, as well as for the purpose of performing the requested services, We need to process your details provided via web forms, email or applications.
- If You are already our customer or if You agree with the processing of your data for the purposes of marketing communication, We may use your details to administer marketing communication until You unsubscribe or withdraw your consent.
- Contact information and data contained in your support requests are required for provision of technical or other support provided by ESET. Based on the channel by which You choose to contact us, We may collect your email address, phone number, license information, product details and a description of your support case. You may be asked to provide us with other information to facilitate provision of support, such as generated log files or dumps. The data from such support may only be used for the provision of the support service and to enhance your experience while providing support. The maximum storage period is limited by the time required to provide support and review, and even in a pseudonymized form cannot exceed a period of 10 years.
- Email addresses provided to ESET, for example as part of trial license activation or purchases on our websites, may also be processed in the form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, i.e. profiling. Your activity on our website and your email address may be used to analyze or predict aspects concerning your personal preferences with respect to ESET products and services in order to provide personalized marketing messages or website content without any significant or legal consequences. The length of the retention period is based on the contract duration or the exercise of your right to object to the data’s processing.
- If You use our products or services designed for parents, the protection of personal data related to children is in place as required by the respective jurisdiction. All additional information is included in the product or service documentation.
- We want to do our best to help You to enjoy safer technology. Your input is very valuable for us and We provide a range of channels by which You can provide us with samples of malicious or suspicious software. Samples and their metadata will be processed and stored based on public interest as well as the legitimate interest of ESET, which is cybersecurity.
If You would like to exercise your right(s) as a data subject or You have a question or concern, please send us a message at:
ESET, spol. s.r.o.
Data Protection Officer