﻿Kaspersky Security Network Statement

A. INTRODUCTION

Please read this document thoroughly. It provides important information that you should be acquainted with before continuing to use our services or software. We reserve the right to modify this Statement at any time by making changes to this page.

AO Kaspersky Lab (further Kaspersky Lab) has created this Statement in order to inform about and disclose its data gathering and dissemination practices for Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free and Kaspersky Security Cloud for Windows.

Kaspersky Lab has a strong commitment to providing superior service to all of our customers and particularly respecting your concerns about Data Processing. 

This Statement contains numerous general and technical details describing the steps we take to respect your Data Processing concerns. Meeting your needs and expectations forms the foundation of everything we do – including protecting your Data.

The Kaspersky Security Network service allows users of Kaspersky Lab security products from around the world to help facilitate identification and reduce the time it takes to provide protection against new ("in the wild") security risks targeting your computer, which helps to identify new threats and their sources and improve a user's security level. Such information is utilized by Kaspersky Lab for no other purpose than to enhance its security products and to further advance solutions against malicious threats and viruses. 

By participating in Kaspersky Security Network, you and the other users of Kaspersky Lab security products from around the world contribute significantly to a safer Internet environment.

Legal Issues (if applicable)

Kaspersky Security Network may be subject to the laws of several jurisdictions because its services may be used in different jurisdictions, including the United States of America. Kaspersky Lab shall disclose information without your permission when required by law, or in good-faith belief that such action is necessary to investigate or protect against harmful activities to Kaspersky Lab guests, visitors, associates, property or to others. As mentioned above, laws related to data and information processed by Kaspersky Security Network may vary by country.

Kaspersky Security Network shall duly inform the users concerned when initially processing the above-mentioned information of any sharing of such information and shall allow these Internet users to opt in (in the EU Member States and other countries requiring opt-in procedures) or opt out (for all other countries) online from the commercial use of this data and/or the transmission of this data to third parties.

Kaspersky Lab may be required by law enforcement or judicial authorities to provide some information to appropriate governmental authorities. If requested by law enforcement or judicial authorities, we shall provide this information upon receipt of the appropriate documentation. Kaspersky Lab may also provide information to law enforcement to protect its property and the health and safety of individuals as permitted by statute.

B. RECEIVED INFORMATION

In order to help detect new and evasive information security threats and their sources, identify potential intrusion threats, and act promptly to improve the level of protection of the information stored and processed by the User on the computer and for marketing purposes the User agrees to automatically submit the following information:

- Information about the Rightholder's installed Software: Software installation ID (PCID); full version of the Software; Software update ID; type of installed Software; Software ID; installation date and time for the Software; date and time of System Watcher start; type of the notification which should be shown when the user is busy; Software localization; indicator of interactive mode; ID of the type of notification shown to the user; information about displayed window prompting for application action; time of sending statistics about using application GUI; ID of the displayed window; name of the modified software setting; old value of the software setting; new value of the software setting; ID of the control in the user interface; name of the window prompting for user action; type of the window prompting for user action; severity of the window prompting for user action; user's choice in the window prompting for action; data in the window prompting for user action; information about system memory usage by the Software; Software health status after update; reason for stopping protection; idle time of protection; current status of the Software extension; name of the script, execution of which was interrupted by an error; number of the string in the script where the error has occurred; number of the character in the script string where the error has occurred; list of functions of the call stack where the error has occurred; notification type, that triggered the statistic sending; duration of software operation until the failure; name of method of detection of the software failure;

- Information about the User environment: device ID; external IP address; Device Guard (windows) enablement status; date and time of the OS launch; local port that was attacked; date and time of the BSOD or unexpected power off; full version of the OS kernel; user's decision on the detected incompatible software; ID of the account under which the controlled process was started; OS error code; additional information about OS features; additional information about CPU features; information about problems with third-party software; code integrity options; current operating mode of software drivers; OS version supported by software drivers; OS version supported by software drivers; hypervisor support mode; a web-browser usage mode; CPU load level; disk load level; product delays time;

- Other information: protocol used to exchange data with KSN; version of KSN request about file reputation; version of the statistics being sent; date and time of receipt of the application request (GMT); debug detection indicator; ID of the notification which is shown when the user is busy; user activity type when a notification should be shown to the user; protocol ID; object time in the buffer; statistics message type; date and time when statistics started being received; date and time when statistics stopped being received; number of successful connections to infrastructure service; number of unsuccessful connections to infrastructure service; number of successful transactions to infrastructure service; number of unsuccessful transactions to infrastructure service; temporal distribution of successful requests to infrastructure service; type of dump created by the Software; image name of the process the dump of which was detected by the Software; name of the module in which the failure probably occurred; date and time of dump creation; error type; name of subsystem in which the error occurred; error code; name of task in which the error occurred; type of statistics about unknown files; ID of the infrastructure service accessed by the Software; total number of requests to infrastructure service; number of requests to infrastructure services for which a response was found in the local request database; number of unsuccessful requests to infrastructure service caused by network problems; number of unsuccessful requests to infrastructure service caused by the Software settings; number of unsuccessful requests to infrastructure service caused by routing errors; temporal distribution of cancelled requests to infrastructure service; temporal distribution of requests to infrastructure service that timed out; ID of the KSN service accessed by the Software; temporal distribution of successful connections to infrastructure service; temporal distribution of unsuccessful connections to infrastructure service; temporal distribution of successful transactions to infrastructure service; temporal distribution of unsuccessful transactions to infrastructure service; number of connections to infrastructure service taken from the cache; number of new connections to infrastructure service; line number of the source file in the exception handler; protocol processing error type; text of the error message;

- Information about an object being processed: checksum (MD5) of the object being processed; number of software runs since the last time the file checksum was sent; format of the object being processed; checksum (SHA256) of the object being processed; name of the object being processed; size of the object being processed; weight of the detected access to the phishing web service; phishing attack target; confidence of detecting access to the phishing web service; ID of the mail being scanned; path to the object being processed; directory code; name of the foreground application; description of an object being processed as defined in the object properties; name of the detected malware or legitimate software that can be used to damage the user's device or data; IP address of the attacker; detected network attack name; trust indicator of the processed object according to KSN; information about file signature check results; application image size; value of the subsystem attribute from the PE file header; value of the characteristics attribute from the PE file header; number of sections in the PE file; bit mask of the Data Directories section in the PE file; overlay size in the PE file; properties and check sums of the parts of the execution file; type of executable file scan task that sends statistics; emulation depth; emulator version; version of a certain compiler; checksum (MD5) of the object being processed; entropy calculated over the first 4096 bytes of the section; entropy calculated over the last 4096 bytes of the section; zero value frequency calculated over the first 4096 bytes of the section; zero value frequency calculated over the last 4096 bytes of the section; numeric value frequency calculated over the first 4096 bytes of the section; numeric value frequency calculated over the last 4096 bytes of the section; 4-byte vector calculated over the first 4096 bytes of the section; 4-byte vector calculated over the last 4096 bytes of the section; virtual size of the PE file section; real size of the PE file section; DNS server response; IP address of the DNS server; time of DNS server response in the buffer; detect characteristics; the Software's decision on the object being processed; object type code; flag indicating whether the object being processed is a PE file; checksum (MD5) of the mask that blocked the web service; date and time of signing the object; certificate serial number; certificate issuer name; certificate owner name and settings; digital certificate thumbprint of the scanned object and hashing algorithm; public key of the certificate; result of certificate verification; vulnerability ID; vulnerability danger class; ID of the task in which detection was performed; checksum type for the object being processed; checksum (SHA3) of an object being processed; type of the module being loaded; attributes that were assigned to an object being processed during scanning; date and time of linking the executable file; information on who signed the file being processed; names of the packers that packed the object being processed; entropy of the file being processed; date and time of creating an executable file being processed; attributes of executable file being processed; a flag indicating an application which runs automatically at startup; trust indicator of the module which integrity is checked by the Software; date and time of signing the module which integrity is checked by the Software; signer organization name; result of the module integrity check; flag indicating the presence of a signed timestamp in the digital certificate; digital certificate numerical order in the chain of trust; indicator showing whether the operation was allowed by self-defense; type of the program resource protected by self-defense, with which the operation is performed; name of the resource protected by self-defense, with which the operation is performed; name of operations performed to access the process; ID of the attacked software process; attributes of the process that attacked Software Self-Defense; sequence number of the script detected on the web page by the application; operation type of restoring object state; operation status of restoring object; information about object restoring error; version of the object being processed; information about failure in third-party software; name from the system log for the error occurred in third-party software; memory address with an offset, in which the third-party software failure occurred; duration of third-party software operation until the failure; checksum (SHA1) of an object being processed; date and time of signing the file; ID of the process into which the module was loaded; number of the module in the load queue since Software start; attribute of an object being processed, that allowed to recall the false positive decision on the object; trust group (system category) the file was moved to; trust group (system category) the file was moved from; reason for moving the file to the category;

- Information about local database update: the Software database record ID; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; release date and time of the Software's databases; ID of the triggered record in the Software's anti-virus databases; number of update-apply cycles for anti-virus databases; date and time of the most recent update and application of anti-virus databases; name of the original index file downloaded during the last update; date and time of downloading local original index file; number of failed update installations for the updater component; number of update installation error for the updater component; version of the updater component; number of files downloaded in one session from the update source; total size of information downloaded during update; average speed of interaction with the update source; type of usage error of the software update web server; the Software database record version; type of the triggered Software anti-virus databases record; update task type; error code of the update task; timestamp of the root index of available updates; timestamp of the root index of updates being downloaded; component name; timestamp of the update component (updated version); timestamp of the component (local version); code of the error category; result of the Software update installation; error code of software update installation; ID of the previous software update;

- Information about accessing a web service: type of client used to access the web service; web address of the source of the web service request (referer); DNS address of the web service being accessed; host source; information about the client that uses a network protocol (user agent); indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; accessed address of the web service (URL, IP);

- Information about the System Watcher component: code of the event that caused an event queue overflow while being processed by System Watcher; number of events that caused an event queue overflow while being processed by System Watcher; total number of queue overflows for events being processed by System Watcher; probability of sending statistics by System Watcher; code of the event that took longer than the standard time to process by System Watcher; processing time of the event that took longer than the standard time to process by System Watcher; database processing time of the event that took longer than the standard time to process by System Watcher; total number of events that took longer than the standard time to process by System Watcher; maximum allowed time for processing an event by System Watcher; date and time of received event of an action in the OS; processing delay time of the event about OS action in the persistent event storage subsystem; processing delay time of the event about OS action in the proactive defense subsystem; processing delay time of the event about OS action in the behavioral analysis subsystem; number of waiting synchronous OS action events; number of processed OS action events; number of processed synchronous OS action events; number of delayed OS action events of the current type; total delay of all OS action events of the current type; total delay of all OS action events; ID of the interception that was timed out while being processed in System Watcher; major and minor numbers of the interception filter that caused the interception that was timed out while being processed in System Watcher; type of the event that was timed out while being processed (klif/swmon); queue size of the System Watcher events that were timed out while being processed; time difference between the first event in the queue and the current event when sending statistics package by System Watcher; number of klif events that were timed out when sending statistics package by System Watcher; type of client used to access the web service; web address of the source of the web service request (referer); DNS address of the web service being accessed; host source; information about the client that uses a network protocol (user agent); indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; accessed address of the web service (URL, IP); date and time of detecting software by System Watcher; reason of detecting software by System Watcher; number of the detected software in the System Watcher context;

- Information about the license and other agreements: type of Software license used; Software license key creation date and time; Software activation date; Software key expiration date and time; number of devices/accounts covered by the Software license; serial number of the Software license key; Software license ID;

Additional information about detection: 
- Information about running applications and their modules; information about processes running in the system (system process ID (PID); process name; account under which the process was started; the application or command that started the process; the full path to process files; the command string used to launch the process; a description of the software to which the process belongs (software name and publisher information); information about digital certificates used; information needed to verify their authenticity; information to the effect that the file does not have a digital signature); information about modules loaded into processes: their names; sizes; types; creation dates; attributes; checksums (MD5, SHA2-256, SHA1), and paths to them; header information of PE files; names of the packer (if the file was packed);
- If an object that can be used by criminals to damage the Computer or personal data has been detected, the transmission includes information about process memory data; elements of the hierarchy of system objects (ObjectManager); UEFI BIOS memory data; names of registry keys and their values;
- Information about system log events: event time; name of the log where the event has been detected; type and category of event; name of the event source and event description;
- Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file of the process that opened the port; path to the process file and its digital signature; local and remote IP addresses; numbers of the local and remote connection ports; connection status; port opening time;
- Names and paths of the files that were accessed by the process; names of registry keys and their values that were accessed by the process; URL and IP addresses that were accessed by the process; URL and IP addresses from which the executable file was downloaded;
- Information about the versions of the operating system (OS) and service packs installed on the Computer; version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file; parameters of the OS operating mode;
- Information about software installed on the Computer: software name and the name of its vendors; information about registry keys and their values; information about files of components of installed software (including checksums (MD5, SHA2-256, SHA1) of the file; file name; path to the file on the Computer; size; version; digital signature);
- Information about hardware installed on the Computer: type; name; model; version of firmware; parameters of integrated and plug-in devices;
- Information about the failed last OS reboot (number of failed reboots);

If software had been unloaded, the data are not transmitted but may be stored in a limited-size storage on the User's computer. Such data cannot be restored after software is removed. After software has loaded, such data will be relayed to Kaspersky Lab for the purposes mentioned above.

In order to increase the effectiveness of protection provided by the Software, the Rightholder may receive objects that could be exploited by intruders to harm the Computer and create information security threats. Such objects include: executable and non-executable files or their parts; portions of the Computer's RAM; sectors involved in the process of booting the OS; network traffic data packets; web pages and emails containing suspicious and malicious objects; description of the classes and instances of classes of the WMI repository; application activity reports.

Such application activity reports contain the following data about files and processes: the name, size and version of the file being send; its description and checksums (MD5, SHA2-256, SHA1); file format identifier; the name of the file's vendor; the product name to which the file belongs; full path on the Computer; template code of the file path; the creation and modification timestamps of the file; start and end date/time of the validity period of the certificate (if the file has a digital signature); the date and the time of the signature; the name of the issuer of the certificate; information about the certificate holder; the fingerprint; the certificate's public key and appropriate algorithms; the certificate's serial number;  the name of the account from which the process is running; checksums (MD5, SHA2-256, SHA1) of the name of the Computer on which the process is running; titles of the process windows; identifier for the anti-virus databases; name of the detected threat according to Rightholder's classification; data about the installed license; license identifier; license type and expiration date; local time of the Computer at the moment of the provision of information; names and paths of the files that were accessed by the process; names of registry keys and their values that were accessed by the process; URL and IP addresses that were accessed by the process; URL and IP addresses from which the running file was downloaded.

Also, in order to prevent false positives, the Rightholder may receive trusted executable and non-executable files or their parts.

Depending on the specific Software You use or switch to, additional data will also be processed.
If You use or switch to Kaspersky Internet Security, the following data will also be processed:
- Information about accessing a web service: type of the decision on a web address being processed; reason for blocking access to the web service; category of reason for blocking access to the web service; web address being processed; accessed IPv4 address of the web service; accessed IPv6 address of the web service; name of the service that provides user behavior tracking; category of the service that provides user behavior tracking, specified in the Software settings;

- Information about the Rightholder's installed Software: version of the Software's component; type of weakening of protection in Safe Money; extended code of weakening of protection in Safe Money; name and version number of the browser that runs in the protected mode; actions performed with the web address in the Software settings; type of scanning rarely used software; start mode of the Safe Money component for the web service; indicator of presence of web address in the Safe Money database; indicator of remembered choice of action location for the web service; operating status of the Software component; Software component name; modification type of connection mode to VPN server; operating mode of Kaspersky VPN Secure Connection; type of choosing country for connection to VPN server; exit country of VPN traffic; starting mode of Kaspersky VPN Secure Connection; network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe); network category specified in Kaspersky VPN Secure Connection (home, work, public); ID of the starting scenario of VPN connection; code of the partner organization associated with the Software rebranding; user actions with the interface element in the application window; user ID calculated over software installation ID and scenario name of enabling VPN; ID of the full version of the Installation Assistant component; user story name; user story type; Software rebranding ID; event type and value;

- Information about Anti-Spam component: anti-spam engine version; names of triggered heuristic rules; sender IP address heuristically derived from the received headers and SMTP session; most likely IP address of the source of spam; technical information about status of scanning the email message for spam; technical information about method used to detect spam; technical information about probability that the email message is spam; full version of the Software before update;

- Information about an object being processed: current protection level of browser in Safe Money; time until full launch of the protected browser by Safe Money; name and version number of the browser from which the protected browser was launched by Safe Money; launch type of the protected browser by Safe Money; result of the protected browser launch by Safe Money; result of the browser protection by Safe Money; information about software being updated; Software name; Software vendor name; Software language ID; installation type of software update; Software update ID; localization ID of the Software update module; return code of the uninstallation process; command line; attribute signifying a violation of the integrity of the update file; Software installation/uninstallation status; list of image names of the processes that block software uninstallation; aggregated statistics of results of checking files against the offline KSN database; number of objects found to be trusted based on the explicit trusted signature; aggregated statistics of results of checking files against the online KSN database; number of files found to be trusted based on the signature; number of objects found to be trusted based on the trusted web address; number of objects found to be trusted based on the logic of trust inheritance from a trusted process; number of unknown objects for which a trusted or untrusted verdict has not been issued; number of objects that the user marked as trusted; number of objects with unique full path that were found to be unknown when determining trust status; number of objects with unique full path that were found to be untrusted when determining trust status; number of objects with unique full path that were found to be trusted when determining trust status; version ID of the Trusted Applications mode settings; stage ID of the Trusted Applications mode; state of detected rarely used software; result of processing the object in the task of searching for software recommended to remove; source of the installation date and time of the detected software; installation date and time of the detected software; date and time of the last use of the detected software; type of the detected third-party software; indicator showing that software update is critical; user's choice regarding software update; string to uninstall the application update; update uninstallation result; location of the object being processed on the disk; result (code) of checking application by the Trusted Applications component; web address to download the Software update; code of the error while downloading the update; location of the object being processed in Add/Remove Programs; string to uninstall the object being processed from the registry; bit mask of application categories in the application update component; object category in the application update component; indicator showing that the application is placed to exclusions; ID of shutdown type of the Installation Assistant component; type of pattern that triggered Installation Assistant; version of pattern that triggered Installation Assistant; type ID of the interface element in the application window; path to the interface element in the application window; data at the interface element in the application window; available actions with the interface element; x coordinate of the interface element in the window; y coordinate of the interface element in the window; external name of the file that matches the process and was detected by Installation Assistant; internal name of the file that matches the process and was detected by Installation Assistant; copyright string for the file that was detected by Installation Assistant; indicator showing that Installation Assistant was started from the command line;

- Information about local database update: timestamp of the Software databases;

- Other information: ID of the action performed by user within the Software; indicator of action location when starting protected browser in Safe Money;

- Information about the User environment: Wi-Fi network name; checksum (MD5 with salt) of the MAC address of the access point; checksum (SHA256 with salt) of the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; Wi-Fi network authentication type; Wi-Fi network encryption type; Wi-Fi signal strength; DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6, subnet mask); user classification of the Wi-Fi network; flag indicating whether the DNS domain exists; URL of the service used to access the internet; local time of the start and end of the Wi-Fi network connection; detected device type; flag indicating whether the device is plugged in; list of available Wi-Fi networks and their settings; user's choice regarding controlling device connections to the home Wi-Fi network; browser type; browser version;

If You use or switch to Kaspersky Total Security, the following data will also be processed:
- Information about accessing a web service: type of the decision on a web address being processed; reason for blocking access to the web service; category of reason for blocking access to the web service; web address being processed; accessed IPv4 address of the web service; accessed IPv6 address of the web service; name of the service that provides user behavior tracking; category of the service that provides user behavior tracking, specified in the Software settings;

- Information about the Rightholder's installed Software: version of the Software's component; type of weakening of protection in Safe Money; extended code of weakening of protection in Safe Money; name and version number of the browser that runs in the protected mode; actions performed with the web address in the Software settings; type of scanning rarely used software; start mode of the Safe Money component for the web service; indicator of presence of web address in the Safe Money database; indicator of remembered choice of action location for the web service; operating status of the Software component; Software component name; modification type of connection mode to VPN server; operating mode of Kaspersky VPN Secure Connection; type of choosing country for connection to VPN server; exit country of VPN traffic; starting mode of Kaspersky VPN Secure Connection; network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe); network category specified in Kaspersky VPN Secure Connection (home, work, public); ID of the starting scenario of VPN connection; code of the partner organization associated with the Software rebranding; user actions with the interface element in the application window; user ID calculated over software installation ID and scenario name of enabling VPN; ID of the full version of the Installation Assistant component; user story name; user story type; Software rebranding ID; event type and value;

- Information about Anti-Spam component: anti-spam engine version; names of triggered heuristic rules; sender IP address heuristically derived from the received headers and SMTP session; most likely IP address of the source of spam; technical information about status of scanning the email message for spam; technical information about method used to detect spam; technical information about probability that the email message is spam; full version of the Software before update;

- Information about an object being processed: current protection level of browser in Safe Money; time until full launch of the protected browser by Safe Money; name and version number of the browser from which the protected browser was launched by Safe Money; launch type of the protected browser by Safe Money; result of the protected browser launch by Safe Money; result of the browser protection by Safe Money; information about software being updated; Software name; Software vendor name; Software language ID; installation type of software update; Software update ID; localization ID of the Software update module; return code of the uninstallation process; command line; attribute signifying a violation of the integrity of the update file; Software installation/uninstallation status; list of image names of the processes that block software uninstallation; aggregated statistics of results of checking files against the offline KSN database; number of objects found to be trusted based on the explicit trusted signature; aggregated statistics of results of checking files against the online KSN database; number of files found to be trusted based on the signature; number of objects found to be trusted based on the trusted web address; number of objects found to be trusted based on the logic of trust inheritance from a trusted process; number of unknown objects for which a trusted or untrusted verdict has not been issued; number of objects that the user marked as trusted; number of objects with unique full path that were found to be unknown when determining trust status; number of objects with unique full path that were found to be untrusted when determining trust status; number of objects with unique full path that were found to be trusted when determining trust status; version ID of the Trusted Applications mode settings; stage ID of the Trusted Applications mode; state of detected rarely used software; result of processing the object in the task of searching for software recommended to remove; source of the installation date and time of the detected software; installation date and time of the detected software; date and time of the last use of the detected software; type of the detected third-party software; indicator showing that software update is critical; user's choice regarding software update; string to uninstall the application update; update uninstallation result; location of the object being processed on the disk; result (code) of checking application by the Trusted Applications component; web address to download the Software update; code of the error while downloading the update; location of the object being processed in Add/Remove Programs; string to uninstall the object being processed from the registry; bit mask of application categories in the application update component; object category in the application update component; indicator showing that the application is placed to exclusions; ID of shutdown type of the Installation Assistant component; type of pattern that triggered Installation Assistant; version of pattern that triggered Installation Assistant; type ID of the interface element in the application window; path to the interface element in the application window; data at the interface element in the application window; available actions with the interface element; x coordinate of the interface element in the window; y coordinate of the interface element in the window; external name of the file that matches the process and was detected by Installation Assistant; internal name of the file that matches the process and was detected by Installation Assistant; copyright string for the file that was detected by Installation Assistant; indicator showing that Installation Assistant was started from the command line;

- Information about local database update: timestamp of the Software databases;

- Other information: ID of the action performed by user within the Software; indicator of action location when starting protected browser in Safe Money;

- Information about the User environment: Wi-Fi network name; checksum (MD5 with salt) of the MAC address of the access point; checksum (SHA256 with salt) of the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; Wi-Fi network authentication type; Wi-Fi network encryption type; Wi-Fi signal strength; DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6, subnet mask); user classification of the Wi-Fi network; flag indicating whether the DNS domain exists; URL of the service used to access the internet; local time of the start and end of the Wi-Fi network connection; detected device type; flag indicating whether the device is plugged in; list of available Wi-Fi networks and their settings; user's choice regarding controlling device connections to the home Wi-Fi network; browser type; browser version;

If You use or switch to Kaspersky Security Cloud for Windows, the following data will also be processed:
- Information on interaction with Web-Portal: Web-Portal account ID;

- Information about the User environment: unique device ID; OS ID; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS Service Pack version; type of hardware platform; Wi-Fi network name; checksum (MD5 with salt) of the MAC address of the access point; checksum (SHA256 with salt) of the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; Wi-Fi network authentication type; Wi-Fi network encryption type; Wi-Fi signal strength; DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6, subnet mask); user classification of the Wi-Fi network; flag indicating whether the DNS domain exists; URL of the service used to access the internet; local time of the start and end of the Wi-Fi network connection; detected device type; flag indicating whether the device is plugged in; list of available Wi-Fi networks and their settings; user's choice regarding controlling device connections to the home Wi-Fi network; browser type; browser version; first 5 bytes of device MAC address; operating system family; device type; number of symbols in the device name; vendor of the device or network card; data of the intercepted DHCP package from the device; obfuscated device name; S.M.A.R.T. attribute ID; threshold value of the attribute; attribute data; drive type; size of the source S.M.A.R.T. attribute; data read mode of the S.M.A.R.T. attribute; calculated value of the S.M.A.R.T. attribute; hard drive model; shortened serial number of the hard drive; hard drive firmware; calculated size of the hard drive; type of the hard drive; hard drive health; hard drive power on hours; hard drive temperature; size of data on the hard drive; interface type of the hard drive; database major version; database minor version; bit mask of the disk module operating states; vendor ID of the controller of the USB device; ID of controller mode for the USB device; controller type of the USB device; Software ID derived from the license;

- Information about local database update: value of the update task TARGET filter; timestamp of the Software databases;

- Information about accessing a web service: type of the decision on a web address being processed; reason for blocking access to the web service; category of reason for blocking access to the web service; web address being processed; accessed IPv4 address of the web service; accessed IPv6 address of the web service; name of the service that provides user behavior tracking; category of the service that provides user behavior tracking, specified in the Software settings;

- Information about the Rightholder's installed Software: version of the Software's component; type of weakening of protection in Safe Money; extended code of weakening of protection in Safe Money; name and version number of the browser that runs in the protected mode; actions performed with the web address in the Software settings; type of scanning rarely used software; start mode of the Safe Money component for the web service; indicator of presence of web address in the Safe Money database; indicator of remembered choice of action location for the web service; operating status of the Software component; Software component name; modification type of connection mode to VPN server; operating mode of Kaspersky VPN Secure Connection; type of choosing country for connection to VPN server; exit country of VPN traffic; starting mode of Kaspersky VPN Secure Connection; network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe); network category specified in Kaspersky VPN Secure Connection (home, work, public); ID of the starting scenario of VPN connection; code of the partner organization associated with the Software rebranding; user actions with the interface element in the application window; user ID calculated over software installation ID and scenario name of enabling VPN; ID of the full version of the Installation Assistant component; ID of the user action; user story name; user story type; Software rebranding ID; event type and value;

- Information about Anti-Spam component: anti-spam engine version; names of triggered heuristic rules; sender IP address heuristically derived from the received headers and SMTP session; most likely IP address of the source of spam; technical information about status of scanning the email message for spam; technical information about method used to detect spam; technical information about probability that the email message is spam; full version of the Software before update;

- Information about an object being processed: current protection level of browser in Safe Money; time until full launch of the protected browser by Safe Money; name and version number of the browser from which the protected browser was launched by Safe Money; launch type of the protected browser by Safe Money; result of the protected browser launch by Safe Money; result of the browser protection by Safe Money; information about software being updated; Software name; Software vendor name; Software language ID; installation type of software update; Software update ID; localization ID of the Software update module; return code of the uninstallation process; command line; attribute signifying a violation of the integrity of the update file; Software installation/uninstallation status; list of image names of the processes that block software uninstallation; aggregated statistics of results of checking files against the offline KSN database; number of objects found to be trusted based on the explicit trusted signature; aggregated statistics of results of checking files against the online KSN database; number of files found to be trusted based on the signature; number of objects found to be trusted based on the trusted web address; number of objects found to be trusted based on the logic of trust inheritance from a trusted process; number of unknown objects for which a trusted or untrusted verdict has not been issued; number of objects that the user marked as trusted; number of objects with unique full path that were found to be unknown when determining trust status; number of objects with unique full path that were found to be untrusted when determining trust status; number of objects with unique full path that were found to be trusted when determining trust status; version ID of the Trusted Applications mode settings; stage ID of the Trusted Applications mode; state of detected rarely used software; result of processing the object in the task of searching for software recommended to remove; source of the installation date and time of the detected software; installation date and time of the detected software; date and time of the last use of the detected software; type of the detected third-party software; indicator showing that software update is critical; user's choice regarding software update; string to uninstall the application update; update uninstallation result; location of the object being processed on the disk; result (code) of checking application by the Trusted Applications component; web address to download the Software update; code of the error while downloading the update; location of the object being processed in Add/Remove Programs; string to uninstall the object being processed from the registry; bit mask of application categories in the application update component; object category in the application update component; indicator showing that the application is placed to exclusions; ID of shutdown type of the Installation Assistant component; type of pattern that triggered Installation Assistant; version of pattern that triggered Installation Assistant; type ID of the interface element in the application window; path to the interface element in the application window; data at the interface element in the application window; available actions with the interface element; x coordinate of the interface element in the window; y coordinate of the interface element in the window; external name of the file that matches the process and was detected by Installation Assistant; internal name of the file that matches the process and was detected by Installation Assistant; copyright string for the file that was detected by Installation Assistant; indicator showing that Installation Assistant was started from the command line; ID of the weak security setting; action performed with the detected weak security setting; type of the user that performs the action with the weak security setting; type of scan task that detected the weak setting; result of the task of scanning weak security settings;

- Other information: ID of the action performed by user within the Software; indicator of action location when starting protected browser in Safe Money; detection of device usage by a child; method used to detect devices in the network;

Kaspersky Lab protects the information received in accordance with applicable governing law and Kaspersky Lab's rules. Data is transmitted over a secure channel.

Securing the Transmission and Storage of Data

Kaspersky Lab is committed to protecting the security of the information it processes. The information processed is stored on computer servers with limited and controlled access. Kaspersky Lab operates secure data networks protected by industry-standard firewall and password protection systems. Kaspersky Lab uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, and only authorized individuals have access to the data that we process. Kaspersky Lab takes steps to ensure that your information is treated securely and in accordance with this Statement. Unfortunately, no data transmission can be guaranteed secure. As a result, while we strive to protect your data, we cannot guarantee the security of any data you transmit to us or from our products or services, including without limitation Kaspersky Security Network, and you use all these services at your own risk.

We treat the data we process as confidential information; it is, accordingly, subject to our security procedures and corporate policies regarding protection and use of confidential information. All Kaspersky Lab employees are aware of our security policies. Your data is only accessible to those employees who need it in order to perform their jobs. Kaspersky Lab does not combine the data stored by Kaspersky Security Network with any data, contact lists, or subscription information that is processed by Kaspersky Lab for promotional or other purposes.

C. USE OF THE PROCESSED DATA

Kaspersky Lab processes the data in order to analyze and identify the source of potential security risks, and to improve the ability of Kaspersky Lab's products to detect malicious behavior, fraudulent websites, crimeware, and other types of Internet security threats to provide the best possible level of protection to Kaspersky Lab customers in the future.

Disclosure of Information to Third Parties

Kaspersky Lab may disclose any of the information processed if asked to do so by a law enforcement official as required or permitted by law, in response to a subpoena or other legal process or if we believe in good faith that we are required to do so in order to comply with applicable law, regulation, subpoena, or other legal process or enforceable government request. Kaspersky Lab may also disclose information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating this Statement, the terms of your agreements with the Kaspersky Lab or to protect the safety of our users and the public or under confidentiality and licensing agreements with certain third parties which assist us in developing, operating and maintaining the Kaspersky Security Network. In order to promote awareness, detection and prevention of Internet security risks, Kaspersky Lab may share certain information with research organizations and other security software vendors. Kaspersky Lab may also make use of statistics derived from the information processed to track and publish reports on security risk trends.

D. DATA PROCESSING – RELATED INQUIRIES AND COMPLAINTS

Kaspersky Lab takes and addresses its users' Data Processing concerns with utmost respect and attention. If you believe that there was an instance of non-compliance with this Statement with regard to your information or data, or you have other related inquiries or concerns, you may write or contact Kaspersky Lab by email: support@kaspersky.com.

In your message, please describe in as much detail as possible the nature of your inquiry. We will investigate your inquiry or complaint promptly.

CHOICES AVAILABLE TO YOU

In case of refusal to participate in KSN the above data is not transmitted. The data is processed and stored in a restricted and protected partition on the user's computer. This data cannot be restored after uninstallation. If you agree to participate in KSN, the data is transferred to Kaspersky Lab for the above purposes.

Kaspersky Lab protects the information received in accordance with applicable governing law and Kaspersky Lab's rules. Data is transmitted over a secure channel.

Participation in Kaspersky Security Network is optional. You can activate and deactivate the Kaspersky Security Network service at any time by altering the Feedback settings on your Kaspersky Lab product's option's tab. Please note, however, if you choose to deactivate the Kaspersky Security Network service, we may not be able to provide you with some of the services dependent upon the processing of this data.

We also reserve the right to send infrequent alert messages to users to inform them of specific changes that may impact their ability to use our services that they have previously signed up for. We also reserve the right to contact you if compelled to do so as part of a legal proceeding or if there has been a violation of any applicable licensing, warranty or purchase agreements.

Kaspersky Lab is retaining these rights because in limited cases we feel that we may need the right to contact you as a matter of law or regarding matters that may be important to you. These rights do not allow us to contact you to market new or existing services if you have asked us not to do so, and issuance of these types of communications is rare. 

© 2019 AO Kaspersky Lab
;ver=KSN/2021/MR3/
;:10aHKpDgYHsbBBQN77W92YTAaLSQCLC6ZHimMfUvgdvRnG1jqtwUFgQPtfMcdBU7KENdjRk5C04xxBw40/1KM8tK%%
=!AQAAEAwAJEpjiwAA0+t1010
*0B+t200.0
* j
-Қ>ϵ{|2'kqEL0f0}/0Evv0
*0J10	URU10
UMoscow10U

Kaspersky Lab10U	3520p1_KL0
201222141227Z
220317141227Z0[10	URU10
UMoscow10U

Kaspersky Lab1#0!Ucompid=PRODUCTANY_type=BIN0h0!*0	**C @27<	-cu!/W	AuIn7r1&^/r%>RV !K_T1{00+U#$0" هkޞΨ<(ILA
l0)U" ]-[xU(Y>b<|0U0U0 0U%0
+0$+t0
+t0
*A )<AJb}gu.C<6
GKphTn=I1$ae󂍫UG<50:0 h6OWvo$0
*0G10	URU10
UMoscow10U

Kaspersky Lab10
U3520p10
200903110145Z
480120110145Z0J10	URU10
UMoscow10U

Kaspersky Lab10U	3520p1_KL0h0!*0	**C @ä@Y6I_AyشxO{b\CgF@:&04NlE7O_/P00+U#$0"  柡?΂F[qכZ0)U" هkޞΨ<(ILA
l0U0U00#+t0+t0
*A q*,;\
A:OM#q
W0*~? Bڧ7NhI> No10" ]-[xU(Y>b<|0
*0
*@8C!DZmka@M"ge,8m?	1bPaoDvTfR3E$d0`
+71P0L	*H
=0910
*0j*H
	[Y0W*0.0
* '8pDjWfYI-L(S.1T20210506110533.2857704Z|0>0OANOpr0
*0T10	URU10
UMoscow10U

Kaspersky Lab10U3520p1_KL_Timestamp0
210405141340Z
210604141340Z0O10	URU10
UMoscow10U

Kaspersky Lab10Utype=Timestamp0h0!*0	**C @haK	Y
G7{;N)'n{r>T&қRvY6gt!?a00+U#$0" ;*%uӮӕ] Np<B=ta/0)U" &*8zMf9s~i,0U0U0 0U%0
+0
*A 	y1.r
*^ƳpSqQԉ/>,yI?!.060G~YFCADm\0
*0G10	URU10
UMoscow10U

Kaspersky Lab10
U3520p10
200903110221Z
480120110221Z0T10	URU10
UMoscow10U

Kaspersky Lab10U3520p1_KL_Timestamp0h0!*0	**C @k8 P8qFٝAن4Lyxc)G,V:TZ.BFG
{ף00+U#$0"  柡?΂F[qכZ0)U" ;*%uӮӕ] Np<B=ta/0U0U00U%0
+0
*A (^i!rO@an^沕醙*Ճ18J-=O{BzI;𤙨J1804" &*8zMf9s~i,0
*0	*H
	1
*H
	0	*H
	1
210506110533Z0/	*H
	1" e<l ,?iy]H
Mv0C*H
	/1402000.0
* eVFb@
-i2U0
*@"vttmlD^1/2=v~W}Q;}n%%